Abstract. We reformulate Pratt's tableau decision procedure of checking
satisfiability of a set of formulas in PDL. Our formulation is simpler and
more direct for implementation. Extending the method we give the first
ExpTime (optimal) tableau decision procedure not based on transformation for
checking consistency of an ABox w.r.t. a TBox in PDL (here, PDL is treated
as a description logic). We also prove the new result that the data complexity
of the instance checking problem in PDL is coNP-complete.

1 Introduction 

Propositional dynamic logic (PDL) is a multi-modal logic introduced by Fischer and
Ladner [8] for reasoning about programs. It is useful not only for program verification
but also for other fields of computer science like knowledge representation and
artificial intelligence (e.g., [18, 19, 4, 6]). For example, the description logic
$\mathcal{ALC}_{reg}$, a notational variant of PDL, can be used for reasoning about structured
knowledge. The problem of checking satisfiability of a set of formulas in PDL is
ExpTime-complete. This result was established by Fischer and Ladner [8], but their decision
procedure for PDL is via filtration and canonical model and therefore is not really
practical. The first practical and optimal (ExpTime) decision procedure for PDL
was given by Pratt [26]. The essence of his procedure is based on constructing an
"and-or" graph for the considered set of formulas by using tableau rules and global
caching, and then checking whether a model for the set can be extracted from the
graph. However, the formulation of his procedure is a bit too indirect: it goes via
a labeled tableau calculus, tree-like labeled tableaux, tree-like traditional ("lean")
tableaux, and "and-or" graphs.

De Giacomo and Massacci [5] gave a NExpTime algorithm for checking satisfiability
in CPDL (i.e., PDL with converse) and described how to transform the algorithm
to an ExpTime version. However, the description is informal and unclear: the
transformation is based on Pratt's global caching method formulated for PDL [26], but no
global caching method has been formalized and proved sound for labeled tableaux
that allow modifying labels of ancestor nodes in order to deal with converse.¹ Abate
et al. [1] gave a "single-pass" tableau decision procedure for checking satisfiability
in PDL. Their algorithm does not exploit global caching [26, 17] and has complexity
2ExpTime in the worst cases. There are a few prototype implementations for
checking satisfiability in PDL [30, 22, 1].

¹ Gore and Nguyen have recently formalized sound global caching [12-14, 16, 17] for
traditional (unlabeled) tableaux in a number of modal logics without the * operator, which
never modify ancestor nodes.

There is a tight relationship between multi-modal logics and description logics 
which will often be exploited in this paper. Two basic components of description logic 
theories are ABoxes and TBoxes. An ABox (assertion box) consists of facts and 
a TBox (terminological box) consists of formulas expressing relationships between 
concepts. Two basic reasoning problems considered in description logics, amongst 
others, are: 

1. the problem of checking consistency of an ABox w.r.t. a TBox, 

2. the instance checking problem. 

The first tableau-based procedure for $\mathcal{ALC}_{reg}$ (PDL) in the description logic context
was proposed by Baader [2] (the correspondence between $\mathcal{ALC}_{reg}$ and PDL
had not yet been known). His procedure, however, has non-optimal complexity
2ExpTime. The correspondence between description logics like $\mathcal{ALC}_{reg}$ and PDL
was first described in Schild's paper [29]. In [9], encoding the ABox by "nominals"
and "internalizing" the TBox, De Giacomo showed that the complexity of checking
consistency of an ABox w.r.t. a TBox in CPDL is ExpTime-complete. In [10],
using a transformation that encodes the ABox by a concept assertion plus terminology
axioms, De Giacomo and Lenzerini showed that the mentioned problem is also
ExpTime-complete for the description logic $\mathcal{CIQ}$ (an extension of CPDL).

In this paper, we reformulate Pratt's algorithm of checking satisfiability of a set 
of formulas in PDL. Our formulation is directly based on building an "and-or" graph 
by using traditional (unlabeled) tableau rules and global caching and is therefore 
simpler and more direct for implementation. Extending the method we give the 
first ExpTime (optimal) tableau decision procedure not based on transformation 
(encoding) for checking consistency of an ABox w.r.t. a TBox in PDL. 

Despite that the upper-bound ExpTime is known for the complexity of the
mentioned satisfiability problem in CPDL, implemented tableau provers for
description logics usually have non-optimal complexity 2ExpTime. In the well-known
overview [3], Baader and Sattler wrote: "The point in designing these [non-optimal]
algorithms was not to prove worst-case complexity results, but ... to obtain 'practical'
algorithms ... that are easy to implement and optimise, and which behave well
on realistic knowledge bases. Nevertheless, the fact that 'natural' tableau algorithms
for such ExpTime-complete logics are usually NExpTime-algorithms is an unpleasant
phenomenon. ... Attempts to design ExpTime-tableaux for such logics (De Giacomo
et al., 1996; De Giacomo and Massacci, 1996; Donini and Massacci, 1999) usually
lead to rather complicated (and thus not easy to implement) algorithms, which (to
the best of our knowledge) have not been implemented yet." [3, page 26].

Our formulation of tableau calculi and decision procedures for PDL is short and
clear, which makes the procedures natural and easy to implement. The first author
has implemented a tableau prover called TGC for the basic description logic $\mathcal{ALC}$,
which is also based on "and-or" graphs with global caching. The test results of TGC
on the sets T98-sat and T98-kb of DL'98 Systems Comparison are comparable with
the test results of the best systems DLP-98 and FaCT-98 that took part in that
comparison (see [23]). One can say that the mentioned test sets are not representative
for practical applications, but the comparison at least shows that optimization
techniques can be applied (not only for $\mathcal{ALC}$ but also PDL) to obtain decision procedures
that are both efficient in practice and optimal w.r.t. complexity.

We also study the data complexity of the instance checking problem in PDL.
For the well-known description logic $\mathcal{SHIQ}$, Hustadt et al. [21] proved that the
data complexity of that problem is coNP-complete. The lower bound for the data
complexity of that problem in PDL ($\mathcal{ALC}_{reg}$) is known to be coNP-hard (shown for
$\mathcal{ALC}$ by Schaerf in [28]). In this paper, by establishing the upper bound, we prove
the new result that the data complexity of the instance checking problem in PDL is
coNP-complete.

The rest of this paper is structured as follows. In Section 2, we define syntax 
and semantics of PDL. In Section 3 we formulate the problems we deal with. In 
Section 4, we present a tableau calculus for checking satisfiability of a set of formulas 
w.r.t. a set of global assumptions in PDL. In Section 5, we extend that calculus for 
checking consistency of an ABox w.r.t. a set of global assumptions (i.e., a TBox) in 
PDL. In Section 6, we give decision procedures based on our tableau calculi for the 
mentioned problems and derive the data complexity result. In Section 7, we discuss 
optimizations for our decision procedures. Conclusions are given in Section 8. Proofs 
of soundness and completeness of our calculi are presented in the appendices. 

2 Propositional Dynamic Logic 

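We use $\Pi_0$ to denote the set of atomic programs, and $\Phi_0$ to denote the set of
propositions (i.e., atomic formulas). We denote elements of $\Pi_0$ by letters like $\sigma$,
and elements of $\Phi_0$ by letters like $p$, $q$. Formulas and programs of PDL are defined
respectively by the following BNF grammar rules:

$$\varphi ::= \top \mid \bot \mid p \mid \neg\varphi \mid \varphi \land \varphi \mid \varphi \lor \varphi \mid \varphi \to \varphi \mid \langle\alpha\rangle\varphi \mid [\alpha]\varphi$$
$$\alpha ::= \sigma \mid \alpha;\alpha \mid \alpha \cup \alpha \mid \alpha^* \mid \varphi?$$

We use letters like $\alpha$, $\beta$ to denote programs, and $\varphi$, $\psi$, $\xi$ to denote formulas.

A Kripke model is a pair $\mathcal{M} = \langle \Delta^{\mathcal{M}}, \cdot^{\mathcal{M}} \rangle$, where $\Delta^{\mathcal{M}}$ is a set of states, and
$\cdot^{\mathcal{M}}$ is an interpretation function that maps each proposition $p$ to a subset $p^{\mathcal{M}}$ of
$\Delta^{\mathcal{M}}$, and each atomic program $\sigma$ to a binary relation $\sigma^{\mathcal{M}}$ on $\Delta^{\mathcal{M}}$. The
interpretation function is extended to interpret complex formulas and complex programs
as follows:

$$(\varphi \land \psi)^{\mathcal{M}} = \varphi^{\mathcal{M}} \cap \psi^{\mathcal{M}}, \quad (\varphi \lor \psi)^{\mathcal{M}} = \varphi^{\mathcal{M}} \cup \psi^{\mathcal{M}}, \quad (\varphi \to \psi)^{\mathcal{M}} = (\neg\varphi \lor \psi)^{\mathcal{M}}$$
$$(\langle\alpha\rangle\varphi)^{\mathcal{M}} = \{x \in \Delta^{\mathcal{M}} \mid \exists y[\alpha^{\mathcal{M}}(x,y) \land \varphi^{\mathcal{M}}(y)]\}$$
$$([\alpha]\varphi)^{\mathcal{M}} = \{x \in \Delta^{\mathcal{M}} \mid \forall y[\alpha^{\mathcal{M}}(x,y) \to \varphi^{\mathcal{M}}(y)]\}$$
$$(\alpha;\beta)^{\mathcal{M}} = \alpha^{\mathcal{M}} \circ \beta^{\mathcal{M}} = \{(x,y) \mid \exists z[\alpha^{\mathcal{M}}(x,z) \land \beta^{\mathcal{M}}(z,y)]\}$$
$$(\alpha \cup \beta)^{\mathcal{M}} = \alpha^{\mathcal{M}} \cup \beta^{\mathcal{M}}, \quad (\alpha^*)^{\mathcal{M}} = (\alpha^{\mathcal{M}})^*, \quad (\varphi?)^{\mathcal{M}} = \{(x,x) \mid \varphi^{\mathcal{M}}(x)\}$$

We write $\mathcal{M}, w \models \varphi$ to denote $w \in \varphi^{\mathcal{M}}$. For a set $X$ of formulas, we write
$\mathcal{M}, w \models X$ to denote that $\mathcal{M}, w \models \varphi$ for all $\varphi \in X$. If $\mathcal{M}, w \models \varphi$ (resp. $\mathcal{M}, w \models X$),
then we say that $\mathcal{M}$ satisfies $\varphi$ (resp. $X$) at $w$, and that $\varphi$ (resp. $X$) is satisfied
at $w$ in $\mathcal{M}$. We say that $\mathcal{M}$ validates $X$ if $\mathcal{M}, w \models X$ for all $w \in \Delta^{\mathcal{M}}$, and that
$X$ is satisfiable w.r.t. a set $\Gamma$ of formulas used as global assumptions if there exists
a Kripke model that validates $\Gamma$ and satisfies $X$ at some state.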

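The Fischer-Ladner closure $FL(\varphi)$ and the sets $FL^{\Box}([\alpha]\varphi)$ and $FL^{\Diamond}(\langle\alpha\rangle\varphi)$,
where $\varphi$ is a formula in negation normal form (NNF), are the sets of formulas
defined as follows:²

$$FL(\top) = \{\top\}, \quad FL(\bot) = \{\bot\}, \quad FL(p) = \{p\}, \quad FL(\neg p) = \{\neg p\},$$
$$FL(\varphi \land \psi) = \{\varphi \land \psi\} \cup FL(\varphi) \cup FL(\psi),$$
$$FL(\varphi \lor \psi) = \{\varphi \lor \psi\} \cup FL(\varphi) \cup FL(\psi),$$
$$FL([\alpha]\varphi) = FL^{\Box}([\alpha]\varphi) \cup FL(\varphi), \quad FL(\langle\alpha\rangle\varphi) = FL^{\Diamond}(\langle\alpha\rangle\varphi) \cup FL(\varphi),$$

$$FL^{\Box}([\sigma]\varphi) = \{[\sigma]\varphi\},$$
$$FL^{\Box}([\alpha;\beta]\varphi) = \{[\alpha;\beta]\varphi\} \cup FL^{\Box}([\alpha][\beta]\varphi) \cup FL^{\Box}([\beta]\varphi),$$
$$FL^{\Box}([\alpha \cup \beta]\varphi) = \{[\alpha \cup \beta]\varphi\} \cup FL^{\Box}([\alpha]\varphi) \cup FL^{\Box}([\beta]\varphi),$$
$$FL^{\Box}([\alpha^*]\varphi) = \{[\alpha^*]\varphi\} \cup FL^{\Box}([\alpha][\alpha^*]\varphi),$$
$$FL^{\Box}([\psi?]\varphi) = \{[\psi?]\varphi\} \cup FL(\psi),$$

$$FL^{\Diamond}(\langle\sigma\rangle\varphi) = \{\langle\sigma\rangle\varphi\},$$
$$FL^{\Diamond}(\langle\alpha;\beta\rangle\varphi) = \{\langle\alpha;\beta\rangle\varphi\} \cup FL^{\Diamond}(\langle\alpha\rangle\langle\beta\rangle\varphi) \cup FL^{\Diamond}(\langle\beta\rangle\varphi),$$
$$FL^{\Diamond}(\langle\alpha \cup \beta\rangle\varphi) = \{\langle\alpha \cup \beta\rangle\varphi\} \cup FL^{\Diamond}(\langle\alpha\rangle\varphi) \cup FL^{\Diamond}(\langle\beta\rangle\varphi),$$
$$FL^{\Diamond}(\langle\alpha^*\rangle\varphi) = \{\langle\alpha^*\rangle\varphi\} \cup FL^{\Diamond}(\langle\alpha\rangle\langle\alpha^*\rangle\varphi),$$
$$FL^{\Diamond}(\langle\psi?\rangle\varphi) = \{\langle\psi?\rangle\varphi\} \cup FL(\psi).$$

For a set $X$ of formulas in NNF, define $FL(X) = \bigcup_{\varphi \in X} FL(\varphi)$.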



3 The Problems We Address 



When interpreting PDL as a description logic, states in a Kripke model, formulas,
and programs are regarded respectively as "objects", "concepts", and "roles". A
finite set $\Gamma$ of global assumptions is treated as a "TBox". As for description logics,
we introduce ABoxes and consider the problem of checking whether a given ABox
is consistent with a given TBox, which is related to the instance checking problem.

We prefer to use the terminology of PDL instead of that of $\mathcal{ALC}_{reg}$ because
this work is related to Pratt's work on PDL. We use the term state variable as an
equivalent for the term "individual" used in description logic, and use letters like
$a$, $b$, $c$ to denote state variables. We extend the notion of Kripke model so that
the interpretation function $\cdot^{\mathcal{M}}$ of a Kripke model $\mathcal{M}$ maps each state variable $a$ to
a state $a^{\mathcal{M}}$ of $\mathcal{M}$.

An ABox is a finite set of assertions of the form $a : \varphi$ or $\sigma(a, b)$, where $\varphi$ is a
formula in NNF and $a$ is a state variable. The meaning of $a : \varphi$ is that formula $\varphi$ is
satisfied in state $a$. An ABox is extensionally reduced if it contains only assertions
of the form $a : p$ or $\sigma(a, b)$. We will refer to ABox assertions also as formulas. When
necessary, we refer to formulas that are not ABox assertions as traditional formulas.

A TBox is a finite set of traditional formulas in NNF.

A Kripke model $\mathcal{M}$ satisfies an ABox $\mathcal{A}$ if $a^{\mathcal{M}} \in \varphi^{\mathcal{M}}$ for all $(a : \varphi) \in \mathcal{A}$ and
$(a^{\mathcal{M}}, b^{\mathcal{M}}) \in \sigma^{\mathcal{M}}$ for all $\sigma(a, b) \in \mathcal{A}$. An ABox $\mathcal{A}$ is satisfiable w.r.t. (or consistent
with) a TBox $\Gamma$ iff there exists a Kripke model $\mathcal{M}$ that satisfies $\mathcal{A}$ and validates $\Gamma$.

² In NNF, the connective $\to$ does not occur and $\neg$ occurs only immediately before
propositions. Every formula can be transformed to an equivalent formula in NNF.



Optimal Tableau Decision Procedures for PDL 5 

The first problem we address is the problem of checking satisfiability of an ABox
w.r.t. a TBox.

Consider the use of PDL as a description logic. A pair $(\mathcal{A}, \Gamma)$ of an ABox $\mathcal{A}$
and a TBox $\Gamma$ is treated as a knowledge base. A Kripke model that satisfies $\mathcal{A}$ and
validates $\Gamma$ is called a model of $(\mathcal{A}, \Gamma)$. Given a (traditional) formula $\varphi$ (treated
as a "concept") and a state variable $a$ (treated as an "individual"), the problem
of checking whether $a^{\mathcal{M}} \in \varphi^{\mathcal{M}}$ in every model $\mathcal{M}$ of $(\mathcal{A}, \Gamma)$ is called the instance
checking problem (in PDL).

The second problem considered in this paper is the instance checking problem.
The condition to check is denoted in such cases by $(\mathcal{A}, \Gamma) \models \varphi(a)$.

4 A Tableau Calculus for PDL 

In this section, we do not consider ABoxes yet, and by a "formula" we mean a
"traditional formula". Let X and $\Gamma$ be finite sets of formulas. Consider the problem
of checking whether X is satisfiable in PDL w.r.t. the set $\Gamma$ of global assumptions.
We assume that formulas are represented in NNF. We write $\overline{\varphi}$ to denote the NNF
of $\neg\varphi$.

We will define tableaux as "and-or" graphs. The contents of a node v of an "and-or"
graph are a data structure consisting of two sets $\mathcal{L}(v)$ and rfs(v) of formulas,
where $\mathcal{L}(v)$ is called the label of v, and rfs(v) is called "the set of formulas that have
been reduced by a static rule after the last application of the transitional rule".

Our calculus $\mathcal{C}_{PDL}$ will be specified as a finite set of tableau rules, which are used
to expand nodes of "and-or" graphs. A tableau rule is specified with the following
information:

— the kind of the rule: an "and"-rule or an "or"-rule,

— the conditions for applicability of the rule (if any),

— the priority of the rule,

— the number of successors of a node resulting from applying the rule to it, and
the way to compute their contents.

Usually, a tableau rule is written downwards, with a set of formulas above the line
as the premise, which represents the label of the node to which the rule is applied,
and a number of sets of formulas below the line as the (possible) conclusions, which
represent the labels of the successor nodes resulting from the application of the
rule.³ Possible conclusions of an "or"-rule are separated by |, while conclusions of an
"and"-rule are separated/specified using &. If a rule is a unary rule (i.e. a rule with
only one possible conclusion) or an "and"-rule then its conclusions are "firm" and
we ignore the word "possible". An "or"-rule has the meaning that, if the premise is
satisfiable w.r.t. $\Gamma$ then some of the possible conclusions is also satisfiable w.r.t. $\Gamma$.
On the other hand, an "and"-rule has the meaning that, if the premise is satisfiable
w.r.t. $\Gamma$ then all of the conclusions are also satisfiable w.r.t. $\Gamma$ (possibly in different
states of the model under construction). Note that, apart from the labels, there are
also sets rfs(S) to be specified for the successor nodes.

³ In [11, 14], "premise" and "possible conclusion" are called numerator and denominator,
respectively.
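[Table 1 lists the static rules $(\bot_0)$, $(\bot)$, $(\land)$, $(\lor)$, $(\Box_;)$, $(\Diamond_;)$, $(\Box_\cup)$, $(\Diamond_\cup)$,
$(\Box_?)$, $(\Diamond_?)$, $(\Box_*)$, $(\Diamond_*)$ and the transitional rule (trans). Conclusions of $(\bot_0)$ and
$(\bot)$: $\bot$; of $(\land)$: $Y, \varphi, \psi$; of $(\lor)$: $Y, \varphi \mid Y, \psi$; of $(\Box_*)$: $Y, \varphi, [\alpha][\alpha^*]\varphi$;
of $(\Diamond_*)$: $Y, \varphi \mid Y, \langle\alpha\rangle\langle\alpha^*\rangle\varphi$.]

$$(trans)\quad \frac{Y}{\&\{\ (\{\varphi\} \cup \{\psi \text{ s.t. } [\sigma]\psi \in Y\} \cup \Gamma) \text{ s.t. } \langle\sigma\rangle\varphi \in Y\ \}}$$

Table 1. Rules of the tableau calculus $\mathcal{C}_{PDL}$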



We use $Y$ to denote a set of formulas, and write $Y, \varphi$ for $Y \cup \{\varphi\}$.

Define tableau calculus $\mathcal{C}_{PDL}$ w.r.t. a set $\Gamma$ of global assumptions to be the set of
the tableau rules given in Table 1. The rule (trans) is the only "and"-rule and the
only transitional rule. Instantiating this rule, for example, to $Y = \{\langle\sigma\rangle p, \langle\sigma\rangle q, [\sigma]r\}$
and $\Gamma = \{s\}$ we get two conclusions: $\{p, r, s\}$ and $\{q, r, s\}$. The other rules of $\mathcal{C}_{PDL}$
are "or"-rules, which are also called static rules.⁴ The intuition of the sorting of
static/transitional is that the static rules keep us in the same state of the model
under construction, while each conclusion of the transitional rule takes us to a new
state. For any rule of $\mathcal{C}_{PDL}$ except (trans), the distinguished formulas of the premise
are called the principal formulas of the rule. The principal formulas of the rule
(trans) are the formulas of the form $\langle\sigma\rangle\varphi$ of the premise. We assume that any one
of the rules $(\land)$, $(\lor)$, $(\Box_;)$, $(\Box_\cup)$, $(\Box_?)$, $(\Box_*)$ is applicable to a node v only when the
principal formula does not belong to rfs(v). Applying a static rule different from
$(\bot_0)$ and $(\bot)$ to a node v, for any successor node w of v, let rfs(w) be the set that
extends rfs(v) with the principal formula of the applied rule. Applying any other
rule to a node v, for any successor node w of v, let rfs(w) = $\emptyset$.

Observe that, by using rfs(_) and the restriction on applicability of the rules $(\land)$,
$(\lor)$, $(\Box_;)$, $(\Box_\cup)$, $(\Box_?)$, and $(\Box_*)$, in any sequence of applications of static rules a
formula of the form $\varphi \land \psi$, $\varphi \lor \psi$, $[\alpha;\beta]\varphi$, $[\alpha \cup \beta]\varphi$, $[\psi?]\varphi$, or $[\alpha^*]\varphi$ is reduced (as
a principal formula) at most once. We do not adopt such a restriction for the rules
$(\Diamond_;)$, $(\Diamond_\cup)$, $(\Diamond_?)$, and $(\Diamond_*)$ because we will require formulas of the form $\langle\alpha\rangle\varphi$ to be
"realized" (in a finite number of steps).

⁴ Unary static rules can be treated either as "and"-rules or as "or"-rules. In [17], the rules
$(\bot_0)$ and $(\bot)$ are classified as terminal rules.

We assume the following preferences for the rules of $\mathcal{C}_{PDL}$: the rules $(\bot_0)$ and
$(\bot)$ have the highest priority; unary static rules have a higher priority than non-unary
static rules; all the static rules have a higher priority than the transitional
rule (trans).

An "and-or" graph for $(X, \Gamma)$, also called a tableau for $(X, \Gamma)$, is an "and-or"
graph defined as follows. The initial node $v_0$ of the graph, called the root of the graph,
is specified by $\mathcal{L}(v_0) = X \cup \Gamma$ and rfs($v_0$) = $\emptyset$. For every node v of the graph, if a
tableau rule of $\mathcal{C}_{PDL}$ is applicable to the label of v in the sense that an instance of the
rule has $\mathcal{L}(v)$ as the premise and $Z_1, \ldots, Z_k$ as the possible conclusions, then choose
such a rule according to the preference⁵ and apply it to v to create k successors
$w_1, \ldots, w_k$ of v with $\mathcal{L}(w_i) = Z_i$ for $1 \le i \le k$. If the graph already contains a
node $w'_i$ with the same contents as $w_i$ then instead of creating a new node $w_i$ as
a successor of v we just connect v to $w'_i$ and assume $w_i = w'_i$. If the applied rule is
(trans) then we label the edge $(v, w_i)$ by the principal formula corresponding to the
successor $w_i$. If the rule expanding v is an "or"-rule then v is an "or"-node, else v
is an "and"-node. The information about which rule is applied to v is recorded for
later uses. If no rule is applicable to v then v is an end node. Note that each node
is "expanded" only once (using one rule). Also note that the graph is constructed
using global caching [26, 14, 17] and the contents of its nodes are unique.

A marking of an "and-or" graph G is a subgraph G' of G such that:

— the root of G is the root of G'.

— if v is a node of G' and is an "or"-node of G then there exists at least one edge
(v, w) of G that is an edge of G'.

— if v is a node of G' and is an "and"-node of G then every edge (v, w) of G is an
edge of G'.

— if (v, w) is an edge of G' then v and w are nodes of G'.

Let G be an "and-or" graph for $(X, \Gamma)$, G' a marking of G, v a node of G', and
$\langle\alpha\rangle\varphi$ a formula of the label of v. A trace of $\langle\alpha\rangle\varphi$ in G' starting from v is a sequence
$(v_0, \varphi_0), \ldots, (v_k, \varphi_k)$ such that:⁶

— $v_0 = v$ and $\varphi_0 = \langle\alpha\rangle\varphi$;

— for every $1 \le i \le k$, $(v_{i-1}, v_i)$ is an edge of G';

— for every $1 \le i \le k$, $\varphi_i$ is a formula of the label of $v_i$ such that: if $\varphi_{i-1}$ is not
a principal formula of the tableau rule expanding $v_{i-1}$, then the rule must be
a static rule and $\varphi_i = \varphi_{i-1}$, else

• if the rule is $(\Diamond_;)$, $(\Diamond_\cup)$ or $(\Diamond_*)$ then $\varphi_i$ is the formula obtained from $\varphi_{i-1}$,

• if the rule is $(\Diamond_?)$ and $\varphi_{i-1} = \langle\psi?\rangle\xi$ then $\varphi_i = \xi$,

• else the rule is (trans), $\varphi_{i-1}$ is of the form $\langle\sigma\rangle\xi$ and is the label of the edge
$(v_{i-1}, v_i)$, and $\varphi_i = \xi$.

A trace $(v_0, \varphi_0), \ldots, (v_k, \varphi_k)$ of $\langle\alpha\rangle\varphi$ in G' is called a $\Diamond$-realization in G' for $\langle\alpha\rangle\varphi$
at $v_0$ if $\varphi_k = \varphi$.

A marking G' of an "and-or" graph G for $(X, \Gamma)$ is consistent if:

local consistency: G' does not contain any node with label $\{\bot\}$;
global consistency: for every node v of G', every formula of the form $\langle\alpha\rangle\varphi$ of the
label of v has a $\Diamond$-realization (starting at v) in G'.

Theorem 4.1 (Soundness and Completeness of $\mathcal{C}_{PDL}$). Let X and $\Gamma$ be finite
sets of formulas in NNF, and G be an "and-or" graph for $(X, \Gamma)$. Then X is
satisfiable w.r.t. the set $\Gamma$ of global assumptions iff G has a consistent marking. $\triangleleft$

The "only if" direction means soundness of $\mathcal{C}_{PDL}$, while the "if" direction means
completeness of $\mathcal{C}_{PDL}$. See Appendix A for the proof of this theorem.

⁵ If there are several applicable rules with the same priority, choose any one of them.

⁶ This definition of trace is inspired by [25].



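[Figure 1 shows a graph with nodes (1)-(9); the node kinds, expanding rules and labels are:
(1): "or"-node, $(\Box_*)$; label $\langle\sigma^*\rangle p$, $[\sigma^*]q$, $\neg p \lor \neg q$
(2): "or"-node, $(\Diamond_*)$; label $\langle\sigma^*\rangle p$, $q$, $[\sigma][\sigma^*]q$, $\neg p \lor \neg q$
(3): "or"-node, $(\lor)$; label $p$, $q$, $[\sigma][\sigma^*]q$, $\neg p \lor \neg q$
(4): "or"-node, $(\lor)$; label $\langle\sigma\rangle\langle\sigma^*\rangle p$, $q$, $[\sigma][\sigma^*]q$, $\neg p \lor \neg q$
(5): "or"-node, $(\bot)$
(6): "or"-node, $(\bot)$
(7)
(8): "and"-node, (trans)
(9): "or"-node, $(\bot)$; label $\langle\sigma\rangle\langle\sigma^*\rangle p$, $q$, $[\sigma][\sigma^*]q$, $\neg q$]

Fig. 1. An "and-or" graph for $(\{\langle\sigma^*\rangle p, [\sigma^*]q\}, \{\neg p \lor \neg q\})$. In the 2nd line of each node we
display the formulas of the label of the node. We do not display the sets rfs(S) of the nodes.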



Example 4.2. In Figure 1 we give an "and-or" graph for $(\{\langle\sigma^*\rangle p, [\sigma^*]q\}, \{\neg p \lor \neg q\})$.
This graph does not have any consistent marking: the only marking that satisfies the
local consistency property consists of the nodes (1), (2), (4), (8) and does not satisfy
the global consistency property because the formula $\langle\sigma^*\rangle p$ of the label of (1) does
not have any $\Diamond$-realization in this marking. By Theorem 4.1, the set $\{\langle\sigma^*\rangle p, [\sigma^*]q\}$
is unsatisfiable w.r.t. the global assumption $\neg p \lor \neg q$. $\triangleleft$

5 A Tableau Calculus for Dealing with ABoxes 

Define tableau calculus $\mathcal{C}_{PDL+ABox}$ w.r.t. a TBox $\Gamma$ to be the extension of $\mathcal{C}_{PDL}$ with
the following additional rules:

— a rule $(\rho')$ obtained from each rule $(\rho) \in \{(\land), (\lor), (\Box_;), (\Diamond_;), (\Box_\cup), (\Diamond_\cup), (\Box_?),
(\Diamond_?), (\Box_*), (\Diamond_*)\}$ by labeling the principal formula and the formulas obtained
from it by prefix "$a :$" and adding the modified principal formula to each of the
possible conclusions; for example:

$$(\lor')\quad \frac{Y,\ a : (\varphi \lor \psi)}{Y,\ a : (\varphi \lor \psi),\ a : \varphi \ \mid\ Y,\ a : (\varphi \lor \psi),\ a : \psi}$$

— and

$$(\bot'_0)\quad \frac{Y,\ a : \bot}{\bot} \qquad\qquad (\bot')\quad \frac{Y,\ a : p,\ a : \neg p}{\bot}$$

$$(\Box')\quad \frac{Y,\ a : [\sigma]\varphi,\ \sigma(a, b)}{Y,\ a : [\sigma]\varphi,\ \sigma(a, b),\ b : \varphi}$$

$$(trans')\quad \frac{Y}{\&\{\ (\{\varphi\} \cup \{\psi \text{ s.t. } (a : [\sigma]\psi) \in Y\} \cup \Gamma) \text{ s.t. } (a : \langle\sigma\rangle\varphi) \in Y\ \}}$$

The additional rules of $\mathcal{C}_{PDL+ABox}$ work on sets of ABox assertions, except that
the conclusions of (trans') are sets of traditional formulas. That is, in those rules, $Y$
denotes a set of ABox assertions. The rule (trans') is an "and"-rule and a transitional
rule. The other additional rules of $\mathcal{C}_{PDL+ABox}$ are "or"-rules and static rules.

Note that, for any additional static rule of $\mathcal{C}_{PDL+ABox}$ except $(\bot'_0)$ and $(\bot')$, the
premise is a subset of each of the possible conclusions. Such rules are said to be
monotonic.

We assume that any one of the rules $(\land')$, $(\lor')$, $(\Box'_;)$, $(\Diamond'_;)$, $(\Box'_\cup)$, $(\Diamond'_\cup)$, $(\Box'_?)$,
$(\Diamond'_?)$, $(\Box'_*)$, $(\Diamond'_*)$ is applicable to a node v only when the principal formula does not
belong to rfs(v). Applying any one of these rules to a node v, for any successor node
w of v, let rfs(w) be the set that extends rfs(v) with the principal formula of the
applied rule. We assume that the rule $(\Box')$ is applicable only when its conclusion is
a proper superset of its premise. Applying this rule to a node v, let rfs(w) = rfs(v)
for the successor w of v. Applying $(\bot'_0)$, $(\bot')$, or (trans') to a node v, for any successor
node w of v, let rfs(w) = $\emptyset$.

Similarly as for $\mathcal{C}_{PDL}$, we assume the following preference for the rules of
$\mathcal{C}_{PDL+ABox}$: the rules $(\bot_0)$, $(\bot)$, $(\bot'_0)$, $(\bot')$ have the highest priority; unary static
rules have a higher priority than non-unary static rules; all the static rules have
a higher priority than the transitional rules.

Consider the problem of checking whether a given ABox $\mathcal{A}$ is satisfiable w.r.t.
a given TBox $\Gamma$. We construct an "and-or" graph for $(\mathcal{A}, \Gamma)$ as follows. The graph
will contain nodes of two kinds: complex nodes and simple nodes. The sets $\mathcal{L}(v)$
and rfs(v) of a complex node v consist of ABox assertions, while such sets of a
simple node v consist of traditional formulas. The graph will never contain edges
from a simple node to a complex node. The root of the graph is a complex node
$v_0$ with $\mathcal{L}(v_0) = \mathcal{A} \cup \{(a : \varphi) \mid \varphi \in \Gamma$ and $a$ is a state variable occurring in $\mathcal{A}\}$ and
rfs($v_0$) = $\emptyset$. Complex nodes are expanded using the additional rules of $\mathcal{C}_{PDL+ABox}$
(i.e., the "prime" rules), while simple nodes are expanded using the rules of $\mathcal{C}_{PDL}$.
The "and-or" graph is expanded in the same way as described in the previous section
for checking consistency of a set X of traditional formulas w.r.t. $\Gamma$.

The notion of marking remains unchanged. 

Let G be an "and-or" graph for $(\mathcal{A}, \Gamma)$ and let G' be a marking of G. If v is
a simple node of G' and $\langle\alpha\rangle\varphi$ is a formula of the label of v then a trace of $\langle\alpha\rangle\varphi$
in G' starting from v is defined as before. Consider the case when v is a complex
"and"-node and suppose that $a : \langle\alpha\rangle\varphi \in \mathcal{L}(v)$. A static trace of $a : \langle\alpha\rangle\varphi$ at v is a
sequence $\varphi_0, \ldots, \varphi_k$ such that:

— $\varphi_0 = \langle\alpha\rangle\varphi$;

— for every $1 \le i \le k$, $(a : \varphi_i) \in \mathcal{L}(v)$;

— for every $1 \le i \le k$,

• if $\varphi_{i-1} = \langle\beta;\gamma\rangle\psi$ then $\varphi_i = \langle\beta\rangle\langle\gamma\rangle\psi$,

• if $\varphi_{i-1} = \langle\beta \cup \gamma\rangle\psi$ then $\varphi_i$ is either $\langle\beta\rangle\psi$ or $\langle\gamma\rangle\psi$;

• if $\varphi_{i-1} = \langle\psi?\rangle\xi$ then $\varphi_i = \xi$,

• if $\varphi_{i-1} = \langle\beta^*\rangle\psi$ then $\varphi_i$ is either $\psi$ or $\langle\beta\rangle\langle\beta^*\rangle\psi$.

A static trace $\varphi_0, \ldots, \varphi_k$ of $a : \langle\alpha\rangle\varphi$ at v is called a static realization for $a : \langle\alpha\rangle\varphi$ at v
if either $\varphi_k = \varphi$ or $\varphi_k$ is of the form $\langle\sigma\rangle\varphi'_k$ for some $\sigma \in \Pi_0$.

A marking G' of an "and-or" graph G for $(\mathcal{A}, \Gamma)$ is consistent if:

local consistency: G' does not contain any node with label $\{\bot\}$;
global consistency:

— for every complex "and"-node v of G', every formula of the form $a : \langle\alpha\rangle\varphi$ of
the label of v has a static realization (at v),

— for every simple node v of G', every formula of the form $\langle\alpha\rangle\varphi$ of the label of
v has a $\Diamond$-realization (starting at v) in G'.

Theorem 5.1 (Soundness and Completeness of $\mathcal{C}_{PDL+ABox}$). Let $\mathcal{A}$ be an
ABox, $\Gamma$ a TBox, and G an "and-or" graph for $(\mathcal{A}, \Gamma)$. Then $\mathcal{A}$ is satisfiable w.r.t.
$\Gamma$ iff G has a consistent marking. $\triangleleft$

The "only if" direction means soundness of $\mathcal{C}_{PDL+ABox}$, while the "if" direction
means completeness of $\mathcal{C}_{PDL+ABox}$. See Appendix B for the proof of this theorem.

Example 5.2. In Figure 2 we present an "and-or" graph for $(\{a : [\sigma]\langle\sigma^*\rangle p, \sigma(a, b)\},
\{\neg p\})$. This graph does not have any consistent marking. By Theorem 5.1, the ABox
$\{a : [\sigma]\langle\sigma^*\rangle p, \sigma(a, b)\}$ is unsatisfiable w.r.t. the TBox $\{\neg p\}$. $\triangleleft$

6 Decision Procedures for PDL 

In this section, we present simple algorithms for checking satisfiability of a given
set X of traditional formulas w.r.t. a given set $\Gamma$ of global assumptions and for
checking satisfiability of a given ABox $\mathcal{A}$ w.r.t. a given TBox $\Gamma$. Optimizations for the
algorithms will be discussed in the next section. We also prove the mentioned data
complexity result for PDL.

Define the length of a formula $\varphi$ to be the number of symbols occurring in $\varphi$, and
the size of a finite set of formulas to be the length of the conjunction of its formulas.

6.1 Checking Satisfiability of X w.r.t. $\Gamma$

Let X and $\Gamma$ be finite sets of traditional formulas in NNF, G be an "and-or" graph
for $(X, \Gamma)$, and G' be a marking of G. The graph $G_t$ of traces of G' in G is defined
as follows:
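[Figure 2 shows a graph with nodes (1)-(8); the node kinds, expanding rules and labels are:
(1): "or"-node, $(\Box')$; label $a : [\sigma]\langle\sigma^*\rangle p$, $\sigma(a, b)$, $a : \neg p$, $b : \neg p$
(2): "or"-node, $(\Diamond'_*)$; label $a : [\sigma]\langle\sigma^*\rangle p$, $\sigma(a, b)$, $a : \neg p$, $b : \neg p$, $b : \langle\sigma^*\rangle p$
(3): "or"-node, $(\bot')$; label $a : [\sigma]\langle\sigma^*\rangle p$, $\sigma(a, b)$, $a : \neg p$, $b : \neg p$, $b : \langle\sigma^*\rangle p$, $b : p$
(4): label $\bot$
(5): "and"-node, (trans'); label $a : [\sigma]\langle\sigma^*\rangle p$, $\sigma(a, b)$, $a : \neg p$, $b : \neg p$, $b : \langle\sigma^*\rangle p$, $b : \langle\sigma\rangle\langle\sigma^*\rangle p$
(6): "or"-node, $(\Diamond_*)$
(7): "or"-node, $(\bot)$
(8): "and"-node, (trans)]

Fig. 2. An "and-or" graph for $(\{a : [\sigma]\langle\sigma^*\rangle p, \sigma(a, b)\}, \{\neg p\})$. The formulas in each node v
form the set $\mathcal{L}(v)$. We do not display formulas of the sets rfs(v).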



— Nodes of $G_t$ are pairs $(v, \varphi)$, where v is a node of G' and $\varphi$ is a formula of the
label of v.

— A pair $((v, \varphi), (w, \psi))$ is an edge of $G_t$ if v is a node of G', $\varphi$ is of the form $\langle\alpha\rangle\xi$,
and the sequence $(v, \varphi), (w, \psi)$ is a trace of $\varphi$ in G'.

A node $(v, \varphi)$ of $G_t$ is an end node if $\varphi$ is not of the form $\langle\alpha\rangle\xi$. A node of $G_t$ is
productive if there is a path connecting it to an end node.

Consider now Algorithm 1 (see Figure 3) for checking satisfiability of X w.r.t.
$\Gamma$. The algorithm starts by constructing an "and-or" graph G with root $v_0$ for
$(X, \Gamma)$. After that it collects the nodes of G whose labels are unsatisfiable w.r.t.
$\Gamma$. Such nodes are said to be unsat and kept in the set UnsatNodes. Initially, if G
contains a node with label $\{\bot\}$ then the node is unsat. When a node or a number of
nodes become unsat, the algorithm propagates the status unsat backwards through
the "and-or" graph using the procedure updateUnsatNodes (see Figure 3). This
procedure has the property that, after calling it, if the root $v_0$ of G does not belong
to UnsatNodes then the maximal subgraph of G without nodes from UnsatNodes,
denoted by G', is a marking of G. After each call of updateUnsatNodes, the
algorithm finds the nodes of G' that make the marking not satisfy the global
consistency property. Such a task is done by creating the graph $G_t$ of traces of G' in
G and finding nodes v of G' such that the label of v contains a formula of the form
$\langle\alpha\rangle\varphi$ but $(v, \langle\alpha\rangle\varphi)$ is not a productive node of $G_t$. If the set V of such nodes is empty
then G' is a consistent marking (provided that $v_0 \notin$ UnsatNodes) and the algorithm
Algorithm 1

Input: finite sets X and $\Gamma$ of traditional formulas in NNF.
Output: true if X is satisfiable w.r.t. $\Gamma$, and false otherwise.

1. construct an "and-or" graph G with root $v_0$ for $(X, \Gamma)$;
2. UnsatNodes := $\emptyset$;
3. if G contains a node v with label $\{\bot\}$ then
       updateUnsatNodes(G, UnsatNodes, {v});
4. if $v_0 \in$ UnsatNodes then return false;
5. let G' be the maximal subgraph of G without nodes from UnsatNodes;
   (we have that G' is a marking of G)
6. construct the graph $G_t$ of traces of G' in G;
7. while $v_0 \notin$ UnsatNodes do:
   (a) let V be the set of all nodes v of G' such that $G_t$ contains a
       non-productive node of the form $(v, \langle\alpha\rangle\varphi)$;
   (b) if V = $\emptyset$ then return true;
   (c) updateUnsatNodes(G, UnsatNodes, V);
   (d) if $v_0 \in$ UnsatNodes then return false;
   (e) let G' be the maximal subgraph of G without nodes from UnsatNodes;
       (we have that G' is a marking of G)
   (f) update $G_t$ to the graph of traces of G' in G;

Procedure updateUnsatNodes(G, UnsatNodes, V)

Input: an "and-or" graph G and sets UnsatNodes, V of nodes of G,
       where V contains new unsat nodes.
Output: a new set UnsatNodes.

1. UnsatNodes := UnsatNodes $\cup$ V;
2. while V is not empty do:
   (a) take out a node v from V;
   (b) for every father node u of v, if u $\notin$ UnsatNodes and either u is an
       "and"-node or u is an "or"-node and all the successor nodes of u
       belong to UnsatNodes then add u to both UnsatNodes and V;

Fig. 3. Algorithm for checking satisfiability of X w.r.t. $\Gamma$.



stops with a positive answer. Otherwise, $V$ is used to update UnsatNodes by calling
updateUnsatNodes($G$, UnsatNodes, $V$). After that call, if $v_0 \in$ UnsatNodes then
the algorithm stops with a negative answer, else the algorithm repeats the loop of
collecting unsat nodes. Note that, we can construct $G_t$ only the first time and update
it appropriately each time when UnsatNodes is changed.
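
The loop of Fig. 3 as an added Python example (not code from the paper): it runs Steps 2 to 7 of Algorithm 1 and the procedure updateUnsatNodes on an "and-or" graph that is already built. The encoding is an assumption made for the example: dicts `kind`, `succ`, `labels`, a list `trace_edges` of trace-graph edges, formulas as strings in which diamonds start with `<`, the string `FALSE` for the label $\{\bot\}$, and a hand-built sample graph for $X = \{\langle a^*\rangle p\}$.

```python
from collections import defaultdict

BOTTOM = "FALSE"  # assumed encoding of the label {⊥}


def is_diamond(formula):
    """Assumed string encoding: diamond formulas <alpha>phi start with '<'."""
    return formula.startswith("<")


def update_unsat_nodes(kind, succ, unsat, new_unsat):
    """Procedure updateUnsatNodes (Fig. 3): push unsat status up to father nodes."""
    fathers = defaultdict(set)
    for u, successors in succ.items():
        for w in successors:
            fathers[w].add(u)
    unsat |= set(new_unsat)
    work = list(new_unsat)
    while work:
        v = work.pop()
        for u in fathers[v]:
            if u in unsat:
                continue
            # an "and"-node needs all of its successors, an "or"-node needs one
            if kind[u] == "and" or all(w in unsat for w in succ[u]):
                unsat.add(u)
                work.append(u)
    return unsat


def nonproductive_owners(labels, trace_edges, unsat):
    """Step 7(a): nodes v of G' with a non-productive trace node (v, <alpha>phi)."""
    # Nodes of G_t: pairs (v, formula) for every node v that survives in G'.
    alive = {(v, f) for v, fs in labels.items() if v not in unsat for f in fs}
    back = defaultdict(set)
    for src, dst in trace_edges:
        if src in alive and dst in alive:
            back[dst].add(src)
    # End nodes carry a non-diamond formula; productiveness flows backward.
    productive = {n for n in alive if not is_diamond(n[1])}
    work = list(productive)
    while work:
        n = work.pop()
        for m in back[n]:
            if m not in productive:
                productive.add(m)
                work.append(m)
    return {v for v, _ in alive - productive}


def has_consistent_marking(root, kind, succ, labels, trace_edges):
    """Steps 2-7 of Algorithm 1 on a pre-built "and-or" graph."""
    unsat = set()
    bottoms = {v for v, fs in labels.items() if fs == {BOTTOM}}
    if bottoms:
        update_unsat_nodes(kind, succ, unsat, bottoms)
    while root not in unsat:
        V = nonproductive_owners(labels, trace_edges, unsat)
        if not V:
            return True
        update_unsat_nodes(kind, succ, unsat, V)
    return False


def sample_graph(with_not_p):
    """Constructed input for X = {<a*>p}, optionally with Gamma = {~p}."""
    extra = {"~p"} if with_not_p else set()
    kind = {"v0": "or", "v1": "or" if with_not_p else "and", "v2": "and"}
    succ = {"v0": ["v1", "v2"], "v1": [], "v2": ["v0"]}
    labels = {
        "v0": {"<a*>p"} | extra,
        "v1": {"p"} | extra,
        "v2": {"<a><a*>p"} | extra,
    }
    if with_not_p:  # the clash p, ~p in v1 leads to a node labelled {⊥}
        kind["bot"], succ["bot"], labels["bot"] = "and", [], {BOTTOM}
        succ["v1"] = ["bot"]
    trace_edges = [
        (("v0", "<a*>p"), ("v1", "p")),
        (("v0", "<a*>p"), ("v2", "<a><a*>p")),
        (("v2", "<a><a*>p"), ("v0", "<a*>p")),  # global caching: back to v0
    ]
    return "v0", kind, succ, labels, trace_edges


if __name__ == "__main__":
    print(has_consistent_marking(*sample_graph(with_not_p=False)))
    print(has_consistent_marking(*sample_graph(with_not_p=True)))
```

With $\Gamma = \{\neg p\}$ the only surviving trace of $\langle a^*\rangle p$ is the cycle between `v0` and `v2`, so both nodes are collected in $V$ and the root becomes unsat even though no local clash remains in $G'$.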

Lemma 6.1. Let $X$ and $\Gamma$ be finite sets of traditional formulas in NNF, $G$ be an
"and-or" graph for $(X,\Gamma)$, and $n$ be the size of $X \cup \Gamma$. Then $G$ has $2^{O(n)}$ nodes, and
for each node $v$ of $G$, the sets $\mathcal{L}(v)$ and $rfs(v)$ contain at most $O(n)$ formulas and
are of size $O(n^2)$.

Proof. The sets $\mathcal{L}(v)$ and $rfs(v)$ of each node $v$ of $G$ are subsets of the Fischer-Ladner
closure $FL(X \cup \Gamma)$. This closure contains at most $O(n)$ formulas [19, Lemma 6.3].$^7$
Hence $\mathcal{L}(v)$ and $rfs(v)$ contain at most $O(n)$ formulas and are of size $O(n^2)$. Since
the nodes of $G$ have unique contents, $G$ has $2^{O(n)}$ nodes. $\triangleleft$

Lemma 6.2. Algorithm 1 runs in exponential time in the size of $X \cup \Gamma$.

Proof. By Lemma 6.1, the graph $G$ can be constructed in $2^{O(n)}$ steps and has $2^{O(n)}$
nodes. As the label of each node of $G$ contains at most $O(n)$ formulas, each time
when UnsatNodes is extended $G_t$ can be constructed or updated in $2^{O(n)}$ steps.
Computing the set $V$ can be done in polynomial time in the size of $G_t$, and hence
also in $2^{O(n)}$ steps. An execution of updateUnsatNodes is done in polynomial time
in the size of $G$, and hence also in $2^{O(n)}$ steps. As the set UnsatNodes is extended
at most $2^{O(n)}$ times, the total time for executing Algorithm 1 is of rank $2^{O(n)}$. $\triangleleft$

Theorem 6.3. Let $X$ and $\Gamma$ denote finite sets of traditional formulas in NNF.
Algorithm 1 is an ExpTime decision procedure for checking whether $X$ is satisfiable
w.r.t. the set $\Gamma$ of global assumptions.

Proof. It is easy to show that the algorithm has the invariant that a consistent
marking of $G$ cannot contain any node of UnsatNodes. The algorithm returns false
only when the root $v_0$ belongs to UnsatNodes, that is, only when $G$ does not have
any consistent marking. At Step 7b, $G'$ is a marking of $G$ that satisfies the local
consistency property. If at that step $V = \emptyset$ then it satisfies also the global consistency
property and is thus a consistent marking of $G$. That is, the algorithm returns true
only when $G$ has a consistent marking. Therefore, by Theorem 4.1, Algorithm 1 is
a decision procedure for the considered problem. The complexity was established by
Lemma 6.2. $\triangleleft$



6.2 Checking Satisfiability of an ABox w.r.t. a TBox 

Let $\mathcal{A}$ be an ABox, $\Gamma$ be a TBox, $G$ be an "and-or" graph for $(\mathcal{A},\Gamma)$, and $G'$ be
a marking of $G$. The graph $G_t$ of traces of $G'$ in $G$ is the largest graph such that:

- A node of $G_t$ is

  • either a pair $(v, \varphi)$, where $v$ is a simple node of $G'$ and $\varphi \in \mathcal{L}(v)$,

  • or a pair $(v, a{:}\varphi)$, where $v$ is a complex "and"-node of $G'$ and $(a{:}\varphi) \in \mathcal{L}(v)$.

- An edge of $G_t$ is

  • either a pair $((v, \varphi), (w, \psi))$ such that $v$ is a simple node of $G'$, $\varphi$ is of the
    form $\langle\alpha\rangle\xi$, and the sequence $(v, \varphi), (w, \psi)$ is a trace of $\varphi$ in $G'$,

  • or a pair $((v, a{:}\varphi), (v, a{:}\psi))$ such that $v$ is a complex "and"-node of $G'$, $\varphi$
    is of the form $\langle\alpha\rangle\xi$, and the sequence $\varphi, \psi$ is a static trace of $a{:}\varphi$ at $v$,

  • or a pair $((v, a{:}\langle\sigma\rangle\varphi), (w, \varphi))$ such that $v$ is a complex "and"-node of $G'$ and
    $(v, w)$ is an edge of $G'$ with $a{:}\langle\sigma\rangle\varphi$ as the label.



7 In [19], only $\bot$, $\to$, $[\alpha]$ are considered as primitive, while $\neg$, $\wedge$, $\vee$, $\langle\alpha\rangle$ are treated as
derived operators. However, the lemma still holds for our language.

A node of $G_t$ is an end node if it is of the form $(v, \varphi)$ or $(v, a{:}\varphi)$ such that $\varphi$ is
not of the form $\langle\alpha\rangle\xi$. A node of $G_t$ is productive if there is a path connecting it to
an end node.

By Algorithm 1' we refer to the algorithm obtained from Algorithm 1 by changing
$X$ to $\mathcal{A}$ and modifying Step 7a to "let $V$ be the set of all nodes $v$ of $G'$ such that $G_t$
contains a non-productive node of the form $(v, \langle\alpha\rangle\varphi)$ or $(v, a{:}\langle\alpha\rangle\varphi)$". Algorithm 1'
receives an ABox $\mathcal{A}$ and a TBox $\Gamma$ as input and checks whether $\mathcal{A}$ is satisfiable
w.r.t. $\Gamma$.

Here is a counterpart of Lemma 6.1: 

Lemma 6.4. Let $\mathcal{A}$ be an ABox, $\Gamma$ be a TBox, $G$ be an "and-or" graph for $(\mathcal{A},\Gamma)$,
and $n$ be the size of $\mathcal{A} \cup \Gamma$. Then $G$ has $2^{O(n^2)}$ nodes. If $v$ is a simple node of $G$
then $\mathcal{L}(v)$ and $rfs(v)$ contain at most $O(n)$ formulas and are of size $O(n^2)$. If $v$ is a
complex node of $G$ then $\mathcal{L}(v)$ and $rfs(v)$ contain at most $O(n^2)$ formulas and are of
size $O(n^3)$.

Proof. Let $S$ be the set of all state variables occurring in $\mathcal{A}$ and let
$X = \Gamma \cup \{\varphi \mid (a{:}\varphi) \in \mathcal{A}$ for some $a \in S\}$. The sets $\mathcal{L}(v)$ and $rfs(v)$ of each simple node $v$ of
$G$ are subsets of the Fischer-Ladner closure $FL(X)$. Since this closure contains at
most $O(n)$ formulas [19, Lemma 6.3], the sets $\mathcal{L}(v)$ and $rfs(v)$ of each simple node
$v$ of $G$ contain at most $O(n)$ formulas and are of size $O(n^2)$. Since the simple nodes
of $G$ have unique contents, $G$ has $2^{O(n)}$ simple nodes. For each complex node $v$ of $G$
and for each $a \in S$, the set $\{\varphi \mid (a{:}\varphi) \in \mathcal{L}(v) \cup rfs(v)\}$ is also a subset of $FL(X)$.
Hence the sets $\mathcal{L}(v)$ and $rfs(v)$ of each complex node $v$ of $G$ contain at most $O(n^2)$
formulas and are of size $O(n^3)$. Due to the restrictions on applicability of the static
"prime" rules of $\mathcal{C}_{\mathrm{PDL+ABox}}$, each path of complex nodes in $G$ has length of rank
$O(n^2)$. Hence $G$ contains $2^{O(n^2)}$ complex nodes. $\triangleleft$

Using the proofs of Lemma 6.2 and Theorem 6.3 with appropriate changes we 
obtain the following theorem. 

Theorem 6.5. Algorithm 1' is an ExpTime decision procedure for checking whether
a given ABox $\mathcal{A}$ is satisfiable w.r.t. a given TBox $\Gamma$. $\triangleleft$

Algorithm 1' uses global caching for both complex nodes and simple nodes. What
happens if we use global caching only for simple nodes and backtracking on
branchings at complex "or"-nodes? Is the complexity still ExpTime? The rest of this
subsection deals with these questions.

Lemma 6.6. Let $\mathcal{A}$ be an ABox, $\Gamma$ be a TBox, and $G$ be an "and-or" graph for
$(\mathcal{A},\Gamma)$. Then $G$ has a consistent marking iff there exists a complex "and"-node $v$
of $G$ such that the subgraph generated by $v$ of $G$ (which uses $v$ as the root) has
a consistent marking.

Proof. Just notice that the root of $G$ is a complex node and every father node of
a complex node must be a complex "or"-node. $\triangleleft$

By Algorithm 1'' we refer to the algorithm that checks whether a given ABox $\mathcal{A}$
is satisfiable w.r.t. a given TBox $\Gamma$ as follows. The algorithm "simulates" the tasks
of constructing an "and-or" graph for $(\mathcal{A}, \Gamma)$ and checking whether the graph has
a consistent marking but does it as follows:

1. nondeterministically expand a path from the root until reaching a complex
   "and"-node $v$;

2. construct the full subgraph rooted at $v$;

3. check whether the subgraph has a consistent marking (as done in the steps 2-7
   of Algorithm 1), and return true if it does;

4. if none of the possible executions returns true then return false.

In practice, the first step of the above algorithm is executed by backtracking
on the branchings of the applications of "or"-rules. The algorithm does not keep
all complex nodes but only the ones on the current path of complex nodes. On the
other hand, simple nodes can be globally cached. That is, simple nodes can be left
through backtracking for use in the next possible executions.

Theorem 6.7. Using backtracking to deal with nondeterminism, Algorithm 1'' is
an ExpTime decision procedure for checking whether a given ABox $\mathcal{A}$ is satisfiable
w.r.t. a given TBox $\Gamma$.

Proof. By Theorem 5.1 and Lemma 6.6, Algorithm 1'' is a decision procedure for
the considered problem. It remains to show that the algorithm runs in exponential
time. Let $n$ be the size of $\mathcal{A} \cup \Gamma$. As stated in the proof of Lemma 6.4, each path
of complex nodes constructed by Step 1 of Algorithm 1'' has length of rank $O(n^2)$.
Analogously to the proofs of Lemmas 6.2 and 6.4, it can be shown that Steps 2 and
3 of Algorithm 1'' are executed in $2^{O(n)}$ steps. Hence the complexity of Algorithm 1''
is of rank $2^{O(n^2)} \times 2^{O(n)}$, which is $2^{O(n^2)}$. $\triangleleft$

6.3 On the Instance Checking Problem 

Observe that $(\mathcal{A}, \Gamma) \models \varphi(a)$ iff the ABox $\mathcal{A} \cup \{a{:}\overline{\varphi}\}$ is unsatisfiable w.r.t. $\Gamma$. So,
the instance checking problem is reduced to the problem of checking unsatisfiability
of an ABox w.r.t. a TBox. What we are interested in is the data complexity of the
instance checking problem, which is measured in the size of $\mathcal{A}$ when assuming that
$\mathcal{A}$ is extensionally reduced and $\Gamma$, $\varphi$, $a$ are fixed. Here, $\Gamma$, $\varphi$ and $a$ form a fixed
query, while $\mathcal{A}$ varies as input data.

Theorem 6.8. The data complexity of the instance checking problem in PDL is
coNP-complete.

Proof. Let $\mathcal{A}$ be an extensionally reduced ABox, $\Gamma$ be a TBox, $\varphi$ be a (traditional)
formula in NNF, and $a$ be a state variable. Consider the problem of checking whether
$(\mathcal{A},\Gamma) \models \varphi(a)$.

Let $p$ be a fresh proposition (not occurring in $\mathcal{A}$, $\Gamma$, $\varphi$) and let
$\Gamma' = \Gamma \cup \{\neg p \vee \varphi,\ p \vee \overline{\varphi}\}$ and $\mathcal{A}' = \mathcal{A} \cup \{a{:}\neg p\}$.

Observe that $\Gamma'$ extends $\Gamma$ with the formulas stating that $p$ is equivalent to $\varphi$,
and that $(\mathcal{A}, \Gamma) \models \varphi(a)$ iff the ABox $\mathcal{A}'$ is unsatisfiable w.r.t. the TBox $\Gamma'$.

Let $n$ be the size of $\mathcal{A}$. The size of $\mathcal{A}' \cup \Gamma'$ is thus of rank $O(n)$.

Consider an execution of Algorithm 1'' for the pair $\mathcal{A}'$ and $\Gamma'$. As stated in
the proof of Lemma 6.4, each path of complex nodes constructed by Step 1 of
Algorithm 1'' has length of rank $O(n^2)$. The sets $\mathcal{L}(v)$ and $rfs(v)$ of each complex
node contain at most $O(n^2)$ formulas. Hence a nondeterministic execution of Step 1
of Algorithm 1'' runs in time $O(n^2) \times O(n^2)$. Since $\mathcal{A}'$ is extensionally reduced, the
sets $\mathcal{L}(v)$ and $rfs(v)$ of each simple node $v$ depend only on $\Gamma'$. Since $\Gamma'$ is fixed, Steps
2 and 3 of Algorithm 1'' are executed in time of rank $O(n^2)$. Hence the execution of
Algorithm 1'' for $\mathcal{A}'$ and $\Gamma'$ runs nondeterministically in polynomial time in the size of
$\mathcal{A}$, and therefore the instance checking problem $(\mathcal{A}, \Gamma) \models \varphi(a)$ is in coNP.

The coNP-hardness follows from the fact that the instance checking problem in
the description logic $\mathcal{ALC}$ is coNP-hard (see [28]). $\triangleleft$

7 Optimizations 

In this section we discuss optimizations for the algorithms given in the previous
section. For simplicity we consider only Algorithm 1, but the optimizations are
applicable also to Algorithms 1' and 1''.

Observe that Algorithm 1 first constructs an "and-or" graph and then checks
whether the graph contains a consistent marking. To speed up the performance these
two tasks can be done concurrently. For this we update the structures UnsatNodes,
$G'$, $G_t$ mentioned in the algorithm "on-the-fly" during the construction of $G$. The
main changes are as follows:

- During the construction of the "and-or" graph $G$, each node of $G$ has status
  unexpanded, expanded, unsat or sat. The initial status of a new node is unexpanded.
  When a node is expanded, we change its status to expanded. The status of a node
  changes to unsat (resp. sat) when there is evidence that the label of the node
  is unsatisfiable (resp. satisfiable) w.r.t. $\Gamma$. When a node becomes unsat, we insert
  it into the set UnsatNodes.

- When a node of $G$ is expanded or $G'$ is modified, we update $G_t$ appropriately.

- When a new node is created, if its label contains $\bot$ or a clashing pair $\varphi$, $\overline{\varphi}$ then
  we change the status of the node to unsat. This is the implicit application of the
  rule $(\bot_0)$ and a generalized form of the rule $(\bot)$. Thus, we can drop the explicit
  rules $(\bot_0)$ and $(\bot)$. When a non-empty set $V$ of nodes of $G$ becomes unsat, we
  call updateUnsatNodes($G$, UnsatNodes, $V$) to update the set UnsatNodes.

- When UnsatNodes is modified, we update $G'$ appropriately.

- Since $G_t$ is not completed during the construction, when computing the set $V$
  of nodes of $G'$ that cause $G'$ not satisfying the global consistency property as in
  Step 7a of Algorithm 1 we treat a node $(v, \varphi)$ of $G_t$ also as an end-node if $v$ has
  status unexpanded or sat.$^8$ We compute such a set $V$ occasionally, according
  to some criteria, and when $G_t$ has been completed. The computation is done by
  propagating "productiveness" backward through the graph $G_t$. The nodes of the
  resulting $V$ become unsat.

During the construction of the "and-or" graph $G$, if a subgraph of $G$ has been
fully expanded in the sense that none of its nodes has status unexpanded or has a
descendant node with status unexpanded then each node of the subgraph can be
determined to be unsat or sat regardless of the rest of $G$. That is, if a node of the
subgraph cannot be determined to be unsat by the operations described in the above
list then we can set its status to sat. This technique was proposed in [23].

8 Note that if $v$ has status unexpanded (resp. sat) then $(v, \varphi)$ may (resp. must) be a
productive node of $G_t$.



Optimal Tableau Decision Procedures for PDL 




A number of optimizations developed by previous researchers (see, e.g., [20,7])
can be applied for our algorithms. Apart from that, a number of special optimization
techniques for search space of the form of "and-or" graphs has been developed [15,
23]. These optimizations have been implemented and experimented with by the
first author for the tableau prover TGC for checking satisfiability in $\mathcal{ALC}$ [23].$^9$
The experimental results of TGC show that some of them are very useful. Most of
the optimization techniques discussed in [15, 23] can directly be applied for PDL.
However, two things need to be further worked out for PDL. The first one is how to
efficiently compute an "unsat-core" of a node that becomes unsat because it violates the
global consistency property.$^{10}$ The second one is what normalized form should be
used for formulas in PDL. It is not difficult to give some solutions for these problems,
but their usefulness should be estimated by tests.

8 Conclusions 

In this paper we first provided a tableau-based algorithm for checking satisfiability
of a set of formulas in PDL. We then gave an ExpTime tableau decision procedure
for checking consistency of an ABox w.r.t. a TBox in PDL ($\mathcal{ALC}_{reg}$).

Our latter procedure is the first optimal (ExpTime) tableau decision procedure
not based on transformation for checking consistency of an ABox w.r.t. a TBox
in PDL. Recall that, in [9] the ABox is encoded by nominals, while in [10] the
ABox is encoded by a concept assertion plus terminology axioms. Note that the
approach based on transformation is not efficient in practice: in the well-known tutorial
"Description Logics - Basics, Applications, and More", Horrocks and Sattler wrote
"direct algorithm/implementation instead of encodings" and "even simple domain
encoding is disastrous with large numbers of roles".

The result that the data complexity of the instance checking problem in PDL is
coNP-complete is first established in our paper.

Combining global caching for nodes representing objects not occurring as
individuals in the ABox with backtracking for nodes representing individuals occurring
in the ABox to obtain another ExpTime decision procedure is first studied by us in
this paper.

Despite that our decision procedure for the case without ABoxes is based on
Pratt's algorithm for PDL, our formulation of the tableau calculus for the procedure
and our proof of its completeness are completely different than the ones of Pratt. Our
decision procedure is formulated in a much simpler way. Note that Pratt's algorithm
has been considered complicated: Donini and Massacci wrote in their paper [7] on
ExpTime tableaux for $\mathcal{ALC}$ that they had proposed "the first simple tableau based
decision procedure working in single exponential time" (here, note that $\mathcal{ALC}$ is a
sub-logic of PDL), which in turn is considered by Baader and Sattler [3] still as
"rather complicated". Also note that nobody has implemented Pratt's algorithm
(except Pratt himself in the 70s, but his prototype is not available) and it is natural
to ask why that algorithm, known since the 70s, remains unimplemented.

9 Only a simple kind of absorption optimization has been implemented for TGC: for the
case the TBox is acyclic and consists of only concept definitions of the form $A = C$,
"lazy unfolding" is used; consequently, TGC runs on the test set DL'98 T98-kb equally
well as on the test set DL'98 T98-sat. For the case the TBox is acyclic and contains also
concept inclusions of the form $A \sqsubseteq C$, a simple solution can be adopted: treat $A \sqsubseteq C$
as $A = (C \sqcap A')$ for a new atomic concept $A'$. For the case the TBox is cyclic, one
can try to divide the TBox into two parts $T_1 \cup T_2$, where $T_1$ is a maximal acyclic
sub-TBox "not depending" on the concepts defined in $T_2$, then one can apply the mentioned
"replacing" and "lazy unfolding" techniques for $T_1$. Of course, more advanced absorption
optimizations can also be tried for TGC. (Here, we write about TGC, but note that TGC
can be extended for dealing with PDL in a natural way.)

10 An unsat-core of a node is a subset of the label of the node that causes the node unsat.
The smaller an unsat-core, the better its usefulness (for subset-checking).

The idea of global caching comes from Pratt's paper on PDL, but it was discussed
rather informally. Donini and Massacci in the mentioned paper on $\mathcal{ALC}$ stated that
the caching optimization technique "prunes heavily the search space but its
unrestricted usage may lead to unsoundness [37]. It is conjectured that 'caching' leads to
ExpTime-bounds but this has not been formally proved so far, nor the correctness of
caching has been shown." Goré and Nguyen have recently formalized sound global
caching [14, 17] for tableaux in a number of modal logics without the * operator.
Extending sound global caching for PDL would better be "formally proved" as done
in our paper. Our extension for PDL considerably differs from [14, 17]:

- Due to the * operator we have to check not only local consistency but also global
  consistency of the constructed "and-or" graph.

- We defined tableaux directly as "and-or" graphs with global caching, while in
  [14, 17] Goré and Nguyen used (traditional) tree-like tableaux and formulated
  global caching separately. Consequently, we do not have to prove soundness of
  global caching when having soundness and completeness of the calculus, while
  Goré and Nguyen [14, 17] had to prove soundness of global caching separately
  after having completeness of their calculi.

Our method is applicable for other modal logics, e.g. CPDL and regular grammar
logics with/without converse. As consequences, it can be shown that the data
complexity of the instance checking problem in these logics is coNP-complete.

A Soundness and Completeness of $\mathcal{C}_{\mathrm{PDL}}$

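The alphabet $\Sigma(\alpha)$ of a program $\alpha$ is defined as follows: $\Sigma(\sigma) = \{\sigma\}$, $\Sigma(\varphi?) = \{\varphi?\}$,
$\Sigma(\beta;\gamma) = \Sigma(\beta) \cup \Sigma(\gamma)$, $\Sigma(\beta \cup \gamma) = \Sigma(\beta) \cup \Sigma(\gamma)$, $\Sigma(\beta^*) = \Sigma(\beta)$. Thus, $\Sigma(\alpha)$ contains
not only atomic programs but also expressions of the form $\varphi?$.

A program $\alpha$ is a regular expression over its alphabet $\Sigma(\alpha)$. The regular language
$\mathcal{L}(\alpha)$ generated by $\alpha$ is specified as follows: $\mathcal{L}(\sigma) = \{\sigma\}$, $\mathcal{L}(\varphi?) = \{\varphi?\}$,
$\mathcal{L}(\beta \cup \gamma) = \mathcal{L}(\beta) \cup \mathcal{L}(\gamma)$, $\mathcal{L}(\beta;\gamma) = \mathcal{L}(\beta).\mathcal{L}(\gamma)$, and $\mathcal{L}(\beta^*) = (\mathcal{L}(\beta))^*$, where if $L$ and $M$ are sets
of words then $L.M = \{\alpha\beta \mid \alpha \in L, \beta \in M\}$ and $L^* = \bigcup_{n \ge 0} L^n$ with $L^0 = \{\varepsilon\}$ and
$L^{n+1} = L.L^n$, where $\varepsilon$ is the empty word. We treat words of $\mathcal{L}(\alpha)$ also as programs,
e.g. $\sigma_1(\varphi?)\sigma_2$ as $(\sigma_1; \varphi?; \sigma_2)$.

By $\mathcal{G}(\alpha)$ we denote the context-free grammar over alphabet $\Sigma(\alpha)$, which is
specified as follows: the grammar variables are sub-expressions of $\alpha$ that do not belong
to $\Sigma(\alpha)$, the starting symbol is $\alpha$, and the grammar rules are:

$(\beta;\gamma) \to \beta\gamma$
$(\beta \cup \gamma) \to \beta \mid \gamma$
$(\beta^*) \to \varepsilon \mid \beta(\beta^*)$

Given a modality $\Delta$ of the form $\langle\alpha_1\rangle \ldots \langle\alpha_k\rangle$ or $[\alpha_1] \ldots [\alpha_k]$ we call $\alpha_1 \ldots \alpha_k$ the
program sequence corresponding to $\Delta$. We call $\langle\alpha_1\rangle \ldots \langle\alpha_k\rangle$ (resp. $[\alpha_1] \ldots [\alpha_k]$) the
existential (resp. universal) modality corresponding to $\alpha_1 \ldots \alpha_k$.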

A.1 Soundness

Lemma A.1 (Soundness). Let $X$ and $\Gamma$ be finite sets of traditional formulas in
NNF, and $G$ be an "and-or" graph for $(X,\Gamma)$. Suppose that $X$ is satisfiable w.r.t.
the set $\Gamma$ of global assumptions. Then $G$ has a consistent marking.

Proof. We construct a consistent marking $G'$ of $G$ as follows. At the beginning, $G'$
contains only the root of $G$. Then, for every node $v$ of $G'$ and for every successor $w$
of $v$ in $G$, if the label of $w$ is satisfiable w.r.t. $\Gamma$, then add the node $w$ and the edge
$(v, w)$ to $G'$. It is easy to see that $G'$ is a marking of $G$. Also, $G'$ clearly satisfies the
local consistency property.

We now check the global consistency property of G' . Let v be a node of G' , Y 
be the label of vq, and {a)<p be a formula of Y . We show that the formula has a O- 
realization (starting from vq) in G' . As Y is satisfiable w.r.t. I ', there exists a Kripke 
model M that validates r and satisfies Fat a state uq. Since (a)ip is satisfied at m 
in M, there exist a word 5 = g\ . . . aj 1 {^}\l)a^ + \ . . . <Tj 2 (^2?) • • ■ o-j k 6 C{a) (with 

< ji < 32 < • • • < ife) and states tti, . . . , Uj fc of AI such that: (uj-i, Mj) £ erj^ for 

1 < i < .7fcj u j, G for 1 < Z < fc — 1, and G 95^. Denote this property by (*). 

We construct a O-rcalization (vo, <Po), ■ ■ ■ , {vu, fh) in G' for (a) ip at vq and a map- 
ping / : {v , ...,v h } -> {mo, • ■ • ,UjJ such that /(u ) = u , f(vh) = u jk , and for 
every < i < h, if /(i>i) = % then /(u^+i) is either Uj or Uj+i- For 1 < i < /i, let 
Ai be the sequence of existential modal operators such that ifi = A{ip and let Si 
be the program sequence corresponding to Aj . We maintain the following invariants 
for $0 \le i \le h$:

(a) The sequence $(v_0, \varphi_0), \ldots, (v_i, \varphi_i)$ is a trace of $\langle\alpha\rangle\varphi$ in $G'$.

(b) The label of Vi is satisfied at the state of M. 

(c) If f(vi) — Uj and j £ {ji, ■ ■ ■ , jfc-i} then the suffix St of 8 that starts from (Jj+i 
is derivable from Si using a left derivation of the context-free grammar Q (a) . 

(d) If f(vi) = uj and < j = jl = jl+i = ■■■ = ji+ m < ji+m+i then there exists 
< n < m + 1 such that the suffix Si of 8 that starts from (ipi +n ?) if n < m 
or from <Jj+i if n = m + 1 is derivable from Si using a left derivation of the 
context-free grammar Q(a). 

With ip — and f(vo) — u , the invariants clearly hold for i = 0. 
Set i := 0. While fi^f do: 

— Case Vi is expanded using a static rule and ipi is the principal formula: 

• Case ipi — (/3;j)ip : Let Vi + \ be the only successor of Vi, tpi+i — ((3}( , y)tp, 
f(vi+i) = f(vi), and set i := i + 1. Clearly, the invariants still hold. 

• Case y?i = (^)ip : Let Uj+i be the only successor of Vi, <Pi+i = tp, and 
f{ v i+i) = f( v i)- Observe that the invariant (a) clearly holds for i + 1. As ifi 
is satisfied at /(t>i), both ^ and ^ ar e satisfied at f(v i+ i) = f(vt). Hence, 
the label of Vi+± is satisfied at and the invariant (b) holds for i + 
1. Let f(vi) = Uj. By the invariants (c) and (d) for i, we have that j G 
{ji, . . . ,jk-i}- As Si is derivable from 5» = using a left derivation 
of the context-free grammar G(a), the word 8i+\ such that Si = (^?)<5i+i 
is derivable from S i+ i using a left derivation of 5(a)- Therefore, by setting 
i := i + 1, the invariants (a)-(d) still hold (for the new i). 

• Case ipi = {(5 U 7)1/' : Let -0 = A^</3 and let S[ be the program sequence 
corresponding to A^. By the invariants (c) and (d), Si is derivable from 
(P U 7)5. using a left derivation of Q{a). If the first step of that derivation 
gives (3SI then let tpi+i = ((3)ip else let fi+i = (7)^. By (★), it follows that 
(fi + i is satisfied at the state /(«,). Let Vi+i be the successor of Vi such that 
<^i + i belongs to the label of v i+ i. Clearly, the invariant (a) holds for i + Let 
f(vi+i) = f(vi). Thus, the invariants (b)-(d) also hold for i + Therefore, 
by setting i := i + the invariants (a)-(d) still hold (for the new i). 

• Case fi — {fl*)ip : Let ip — A-</? and let S[ be the program sequence corre- 
sponding to A^. By the invariants (c) and (d), Si is derivable from (f3*)S' i 
using a left derivation of Q{a). If the first step of that derivation gives S[ 
then let tpi+i = ip else let fi+i = (f3)((3*}ip. Let v^+i be the successor of 
Vi such that (fii+i belongs to the label of Vi + i, let /(fi+i) = f(vi), and set 
i := i + 1. Similarly to the above case, the invariants (a)-(d) still hold. 

- Case $v_i$ is expanded using a static rule but $\varphi_i$ is not the principal formula:

  • Case the principal formula is not of the form $\langle\alpha'\rangle\varphi'$: Let $v_{i+1}$ be the successor
    of $v_i$ such that $(v_i, v_{i+1})$ is an edge of $G$ and the label of $v_{i+1}$ is satisfied
    at the state $f(v_i)$ of $\mathcal{M}$. Such a node $v_{i+1}$ exists because the label of $v_i$ is
    satisfied at the state $f(v_i)$ of $\mathcal{M}$. Let $\varphi_{i+1} = \varphi_i$, $f(v_{i+1}) = f(v_i)$, and set
    $i := i + 1$. Clearly, the invariants still hold.

  • Case the principal formula is of the form $\langle\alpha'\rangle\varphi'$: During a sequence of
    applications of static rules between two applications of the transitional rule,
    proceed as for realizing $\langle\alpha'\rangle\varphi'$ in $G$ (like for the current $\Diamond$-realization of
    $\langle\alpha\rangle\varphi$ in $G$ at $v_0$). This decides how to choose $v_{i+1}$ and has effects on
    terminating the trace (to obtain a $\Diamond$-realization for $\langle\alpha\rangle\varphi$ in $G$ at $v_0$). We also
    choose $\varphi_{i+1} = \varphi_i$ and $f(v_{i+1}) = f(v_i)$. By setting $i := i + 1$, the invariants
    still hold (for the new $i$).

- Case $v_i$ is expanded using the transitional rule: Let $f(v_i) = u_j$. Then, by the
  invariants (c) and (d), $\varphi_i$ must be of the form $\langle\sigma_{j+1}\rangle\psi$. Let $(v_i, v_{i+1})$ be the edge
  of $G$ with the label $\varphi_i$. Let $\varphi_{i+1} = \psi$ and $f(v_{i+1}) = u_{j+1}$. Clearly, the invariant
  (a) holds for $i + 1$. By ($\star$), $\psi$ is satisfied at the state $u_{j+1}$ of $\mathcal{M}$. By the invariant
  (b), the other formulas of the label of $v_{i+1}$ are also satisfied at the state $u_{j+1}$ of
  $\mathcal{M}$. That is, the invariant (b) holds for $i + 1$. It is easy to see that the invariants
  (c) and (d) remain true after increasing $i$ by 1. So, by setting $i := i + 1$, all the
  invariants (a)-(d) still hold.

It remains to show that the loop terminates.

Observe that any sequence of applications of static rules that contribute to the
trace $(v_0, \varphi_0), \ldots, (v_i, \varphi_i)$ of $\langle\alpha\rangle\varphi$ in $G'$ eventually ends because:

- each formula of the form $\psi \wedge \xi$, $\psi \vee \xi$, or $[\beta]\psi$ with $\beta \notin \Pi_0$ may be reduced at
  most once;

- each formula of the form $\langle\beta\rangle\psi$ with $\beta \notin \Pi_0$ of the label of any node among
  $v_0, \ldots, v_i$ is reduced according to some $\Diamond$-realization.

Therefore, sooner or later either $\varphi_i = \varphi$ or $v_i$ is a node that is expanded by
the transitional rule. In the second case, if $f(v_i) = u_j$ then $f(v_{i+1}) = u_{j+1}$. As the
image of $f$ is $\{u_0, \ldots, u_{j_k}\}$, the construction of the trace must end at some step
(with $\varphi_i = \varphi$) and we obtain a $\Diamond$-realization in $G'$ for $\langle\alpha\rangle\varphi$ at $v_0$. This completes
the proof. $\triangleleft$



A.2 Model Graphs

We will prove completeness of $\mathcal{C}_{\mathrm{PDL}}$ via model graphs. The technique has previously
been used in [27, 11, 24] for logics without the star operator. A model graph is a tuple
$\langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$, where $W$ is a set of nodes, $R_\sigma$ for $\sigma \in \Pi_0$ is a binary relation
on $W$, and $H$ is a function that maps each node of $W$ to a set of formulas. We use
model graphs merely as data structures, but we are interested in "consistent" and
"saturated" model graphs defined below.

Model graphs differ from "and-or" graphs in that a model graph contains only
"and"-nodes and its edges are labeled by atomic programs. Roughly speaking, given
an "and-or" graph $G$ with a consistent marking $G'$, to construct a model graph one
can stick together the nodes in a "saturation path" of a node of $G'$ to create a node
for the model graph. Details will be given later.

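A trace of a formula $\langle\alpha\rangle\varphi$ at a node in a model graph is defined analogously as for
the case of "and-or" graphs. Namely, given a model graph $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$
and a node $v \in W$, a trace of a formula $\langle\alpha\rangle\varphi \in H(v)$ (starting from $v$) is a sequence
$(v_0, \varphi_0), \ldots, (v_k, \varphi_k)$ such that:

- $v_0 = v$ and $\varphi_0 = \langle\alpha\rangle\varphi$;

- for every $1 \le i \le k$, $\varphi_i \in H(v_i)$;

- for every $1 \le i \le k$, if $v_i = v_{i-1}$ then:

  • if $\varphi_{i-1} = \langle\beta;\gamma\rangle\psi$ then $\varphi_i = \langle\beta\rangle\langle\gamma\rangle\psi$,

  • else if $\varphi_{i-1} = \langle\beta \cup \gamma\rangle\psi$ then $\varphi_i = \langle\beta\rangle\psi$ or $\varphi_i = \langle\gamma\rangle\psi$,

  • else if $\varphi_{i-1} = \langle\beta^*\rangle\psi$ then $\varphi_i = \psi$ or $\varphi_i = \langle\beta\rangle\langle\beta^*\rangle\psi$,

  • else $\varphi_{i-1}$ is of the form $\langle\psi?\rangle\xi$, and $\varphi_i = \xi$;

- for every $1 \le i \le k$, if $v_i \ne v_{i-1}$ then:

  • $\varphi_{i-1}$ is of the form $\langle\sigma\rangle\psi$ and $\varphi_i = \psi$ and $(v_{i-1}, v_i) \in R_\sigma$.

A trace $(v_0, \varphi_0), \ldots, (v_k, \varphi_k)$ of $\langle\alpha\rangle\varphi$ in a model graph $\mathcal{M}$ is called a $\Diamond$-realization
for $\langle\alpha\rangle\varphi$ at $v_0$ if $\varphi_k = \varphi$.

Similarly as for markings of "and-or" graphs, we define that a model graph
$\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$ is consistent if:

local consistency: for every $v \in W$, $H(v)$ contains neither $\bot$ nor a clashing pair
of the form $p$, $\neg p$;

global consistency: for every $v \in W$, every formula $\langle\alpha\rangle\varphi$ of $H(v)$ has a
$\Diamond$-realization.

A model graph $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$ is said to be saturated if the following
conditions hold for every $v \in W$ and $\varphi \in H(v)$:

- if $\varphi = \psi \wedge \xi$ then $\{\psi, \xi\} \subseteq H(v)$,

- if $\varphi = \psi \vee \xi$ then $\psi \in H(v)$ or $\xi \in H(v)$,

- if $\varphi = \langle\psi?\rangle\xi$ then $\psi \in H(v)$,$^{11}$

- if $\varphi = [\alpha;\beta]\psi$ then $[\alpha][\beta]\psi \in H(v)$,

- if $\varphi = [\alpha \cup \beta]\psi$ then $\{[\alpha]\psi, [\beta]\psi\} \subseteq H(v)$,

- if $\varphi = [\psi?]\xi$ then $\overline{\psi} \in H(v)$ or $\xi \in H(v)$,

- if $\varphi = [\alpha^*]\psi$ then $\{\psi, [\alpha][\alpha^*]\psi\} \subseteq H(v)$,

- if $\varphi = [\sigma]\psi$ and $(v, w) \in R_\sigma$ then $\psi \in H(w)$.

Given a model graph $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$, the Kripke model $\mathcal{M}'$ defined by
$\Delta^{\mathcal{M}'} = W$, $\sigma^{\mathcal{M}'} = R_\sigma$ for $\sigma \in \Pi_0$, and $p^{\mathcal{M}'} = \{w \in W \mid p \in H(w)\}$ for $p \in \Phi_0$ is
called the Kripke model corresponding to $\mathcal{M}$.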

Lemma A.2. Let $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$ be a consistent and saturated model graph
and let $\mathcal{M}'$ be the Kripke model corresponding to $\mathcal{M}$. Then, for any $w \in W$, if
$\mathcal{M}', w \models \varphi$ then $H(w)$ does not contain $\overline{\varphi}$.

Proof. By induction on the structure of $\varphi$, using the global consistency.

Lemma A.3. Let $X$ and $\Gamma$ be finite sets of traditional formulas in NNF and let
$\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H\rangle$ be a consistent and saturated model graph such that $\Gamma \subseteq
H(w)$ for all $w \in W$, and $X \subseteq H(\tau)$ for some $\tau \in W$. Then the Kripke model $\mathcal{M}'$
corresponding to $\mathcal{M}$ validates $\Gamma$ and satisfies $X$ at $\tau$.

Proof. We prove by induction on the construction of $\varphi$ that if $\varphi \in H(w_0)$ for an
arbitrary $w_0 \in W$ then $\mathcal{M}', w_0 \models \varphi$. It suffices to consider only the non-trivial cases
when $\varphi$ is of the form $\langle\alpha\rangle\psi$ or $[\alpha]\psi$. Suppose that $\varphi \in H(w_0)$.

Consider the case tp — (a)ip. Let (wo, po), . . . , (wk, <Pk) be a O-realization for tp 
at wo- We have that tpo = tp and tp k = ip. Let < i\ < . . . < it < k be all the indices 
such that, for 1 < j < h, tpi j is of the form (0^)^+1 with u)^ of the form or ip^ ?. 
Observe that u^u^ . . .Ui h £ C(a) and there is a path from wq to Wk in M whose 



11 The condition $\xi \in H(v)$ is taken care of by global consistency.

edges are sequently labeled by those ui^ of the form Ui j . Since M is saturated, for
1 < j < h, if oJij = (V'ij?) then -0^ £ H{wi-), which, by the inductive assumption, 
implies that M.' ,Wi j \= ipj. It follows that (wo, Wk) G a M ■ Since ip G H(wk), by the 
inductive assumption, we have M! \wk \= ip- Therefore M! \wq \= (a)ip. 

Consider the case $\varphi = [\alpha]\psi$. Let $w$ be an arbitrary node of $\mathcal{M}$ such that $(w_0, w) \in \alpha^{\mathcal{M}'}$.
We show that $\psi \in H(w)$. There exists a word $\delta = \omega_1 \ldots \omega_k \in \mathcal{L}(\alpha)$ such
that $(w_0, w) \in \delta^{\mathcal{M}'}$. Let $1 \le i_1 < \ldots < i_h \le k$ be all the indices such that, for
$1 \le j \le h$, $\omega_{i_j}$ is of the form $(\psi_{i_j}?)$. For $1 \le i \le k$ such that $i \notin \{i_1, \ldots, i_h\}$, let
$\omega_i = \sigma_i$. There exist $w_1, \ldots, w_k \in W$ such that $w_k = w$ and, for $1 \le i \le k$, if $\omega_i$
is $\sigma_i$ then $(w_{i-1}, w_i) \in \sigma_i^{\mathcal{M}'}$, else ($i \in \{i_1, \ldots, i_h\}$ and $\omega_i = (\psi_i?)$ and) $w_{i-1} = w_i$
and $w_i \in \psi_i^{\mathcal{M}'}$, which, by Lemma A.2, implies that $\overline{\psi_i} \notin H(w_i)$. Consider the left
derivation of $\omega_1 \ldots \omega_k$ from $\alpha$ using the context-free grammar $\mathcal{G}(\alpha)$. By induction
along this derivation, it can be shown that, for $1 \le i \le k$, there exists a sequence
$\Delta_i$ of universal modal operators such that $\Delta_i\psi \in H(w_i)$ and $\omega_{i+1} \ldots \omega_k$ is derivable
from the program sequence corresponding to $\Delta_i$ using a left derivation of $\mathcal{G}(\alpha)$.
Hence $\psi \in H(w_k)$, i.e., $\psi \in H(w)$. By the inductive assumption, it follows that
$\mathcal{M}', w \models \psi$. Therefore $\mathcal{M}', w_0 \models \varphi$, which completes the proof.
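The statement of Lemma A.3 can be checked mechanically on small model graphs. The following Python sketch is an added illustration, not part of the paper: it evaluates NNF formulas of PDL over the Kripke model corresponding to a model graph, assuming that a proposition $p$ holds at $w$ exactly when $p \in H(w)$, and reports every formula of $H(w)$ that fails at $w$. The tuple encoding, the function names and both sample graphs are constructed for this example; the second graph is saturated and locally consistent but lacks a $\Diamond$-realization for $\langle s^*\rangle p$, so it shows why global consistency is needed.

```python
def rel(prog, W, R, V):
    """Relation denoted by a PDL program (nested tuple) in the Kripke model."""
    op = prog[0]
    if op == "atom":
        return set(R.get(prog[1], ()))
    if op == "test":
        return {(w, w) for w in W if sat(prog[1], w, W, R, V)}
    a = rel(prog[1], W, R, V)
    if op == "union":
        return a | rel(prog[2], W, R, V)
    if op == "seq":
        b = rel(prog[2], W, R, V)
        return {(x, z) for x, y in a for y2, z in b if y == y2}
    if op == "star":  # reflexive-transitive closure by fixpoint iteration
        closure, grown = None, {(w, w) for w in W}
        while grown != closure:
            closure = grown
            grown = closure | {(x, z) for x, y in closure for y2, z in a if y == y2}
        return closure
    raise ValueError(f"unknown program {prog!r}")

def sat(phi, w, W, R, V):
    """Truth of an NNF formula (nested tuple) at state w."""
    op = phi[0]
    if op in ("prop", "nprop"):
        return (phi[1] in V[w]) == (op == "prop")
    if op in ("and", "or"):
        parts = (sat(x, w, W, R, V) for x in phi[1:])
        return all(parts) if op == "and" else any(parts)
    if op not in ("dia", "box"):
        raise ValueError(f"unknown formula {phi!r}")
    succ = [v for u, v in rel(phi[1], W, R, V) if u == w]
    results = (sat(phi[2], v, W, R, V) for v in succ)
    return any(results) if op == "dia" else all(results)

def violations(W, R, H):
    """Pairs (w, phi) with phi in H(w) that fail at w in the corresponding model."""
    V = {w: {f[1] for f in H[w] if f[0] == "prop"} for w in W}
    return {(w, f) for w in W for f in H[w] if not sat(f, w, W, R, V)}

# Constructed sample model graphs (W, R, H) over one atomic program s.
S, P, Q, NOT_P = ("atom", "s"), ("prop", "p"), ("prop", "q"), ("nprop", "p")
EV = ("dia", ("star", S), P)        # <s*>p
EV_NEXT = ("dia", S, EV)            # <s><s*>p
ALW = ("box", ("star", S), Q)       # [s*]q
ALW_NEXT = ("box", S, ALW)          # [s][s*]q
GOOD = (["t", "u"], {"s": {("t", "u"), ("u", "u")}},
        {"t": {EV, EV_NEXT, ALW, ALW_NEXT, Q, NOT_P}, "u": {EV, P, ALW, ALW_NEXT, Q}})
# Saturated and locally consistent, but <s*>p is never fulfilled on the s-loop.
BAD = (["t"], {"s": {("t", "t")}}, {"t": {EV, EV_NEXT, NOT_P}})
```

`violations(*GOOD)` is empty, as Lemma A.3 predicts, while `violations(*BAD)` contains the unfulfilled eventuality and its unfolding.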

A.3 Completeness

Let $G$ be an "and-or" graph for $(X, \Gamma)$ with a consistent marking $G'$ and let $v$ be
a node of $G'$. A saturation path of $v$ w.r.t. $G'$ is a finite sequence $v_0 = v, v_1, \ldots, v_k$
of nodes of $G'$, with $k \ge 0$, such that, for every $0 \le i < k$, $v_i$ is an "or"-node and
$(v_i, v_{i+1})$ is an edge of $G'$, and $v_k$ is an "and"-node.

Lemma A.4. Let $G$ be an "and-or" graph for $(X, \Gamma)$ with a consistent marking $G'$.
Then each node $v$ of $G'$ has a saturation path w.r.t. $G'$.

Proof. We construct a saturation path $v_0, v_1, \ldots$ of $v$ w.r.t. $G'$ as follows. Set $v_0 = v$
and $i = 0$. While $v_i$ is not an "and"-node do:

— If the principal of the static rule expanding $v_i$ is not of the form $\langle\alpha\rangle\varphi$ then let
$v_{i+1}$ be any successor of $v_i$ that belongs to $G'$ and set $i := i + 1$.

— If the principal of the static rule expanding $v_i$ is of the form $\langle\alpha\rangle\varphi$ then:

• let $v_{i+1}, \ldots, v_j$ be the longest sequence of "or"-nodes of $G'$ such that there
exist formulas $\varphi_{i+1}, \ldots, \varphi_j$ such that the sequence $(v_i, \varphi_i), \ldots, (v_j, \varphi_j)$ is a
prefix of a $\Diamond$-realization in $G'$ for $\langle\alpha\rangle\varphi$ at $v_i$;

• set $i := j$.

The loop terminates because each formula not of the form $\langle\alpha\rangle\varphi$ may be reduced
at most once. $\triangleleft$

Lemma A.5 (Completeness). Let $X$ and $\Gamma$ be finite sets of traditional formulas
in NNF, and let $G$ be an "and-or" graph for $(X, \Gamma)$. Suppose that $G$ has a consistent
marking $G'$. Then $X$ is satisfiable w.r.t. the set $\Gamma$ of global assumptions.

Proof. We construct a model graph $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H \rangle$ as follows:






1. Let $v_0$ be the root of $G'$ and $v_0, \ldots, v_k$ be a saturation path of $v_0$ w.r.t. $G'$.
Set $R_\sigma = \emptyset$ for all $\sigma \in \Pi_0$ and set $W = \{\tau\}$, where $\tau$ is a new node. Set
$H(\tau) := \mathcal{L}(v_k) \cup \mathit{rfs}(v_k)$. Mark $\tau$ as unresolved and set $f(\tau) = v_k$. (Each node of
$\mathcal{M}$ will be marked either as unresolved or as resolved, and $f$ will map each node
of $\mathcal{M}$ to an "and"-node of $G'$.)

2. While $W$ contains unresolved nodes, take one unresolved node $w_0$ and do:

(a) For every $\langle\sigma\rangle\langle\alpha_1\rangle \ldots \langle\alpha_h\rangle\varphi \in H(w_0)$, where $\varphi$ is not of the form $\langle\beta\rangle\psi$, do:

i. Let $\varphi_0 = \langle\sigma\rangle\langle\alpha_1\rangle \ldots \langle\alpha_h\rangle\varphi$, $\varphi_i = \langle\alpha_i\rangle \ldots \langle\alpha_h\rangle\varphi$ for $1 \le i \le h$, and
$\varphi_{h+1} = \varphi$. Let $u_0 = f(w_0)$. (As a maintained property of $f$, $\varphi_0$ belongs
to the label of $u_0$.) Let the sequence $(u_0, \varphi_0), (u_1, \varphi_1)$ be a $\Diamond$-realization
in $G'$ for $\varphi_0$ at $u_0$. Let $i_1 = 1$. For $1 \le l \le h$, let the sequence
$(u_{i_l}, \varphi_l), \ldots, (u_{i_{l+1}}, \varphi_{l+1})$ be a $\Diamond$-realization in $G'$ for $\varphi_l$ at $u_{i_l}$.
Let $u_{i_{h+1}}, \ldots, u_m$ be a saturation path of $u_{i_{h+1}}$ w.r.t. $G'$.

ii. Let $j_0 = 0 < j_1 < \ldots < j_{n-1} < j_n = m$ be all the indices such
that, for $0 \le j \le m$, $u_j$ is an "and"-node of $G$ iff $j \in \{j_0, \ldots, j_n\}$. For
$0 \le s \le n - 1$, let $\langle\sigma_s\rangle\psi_s$ be the label of the edge $(u_{j_s}, u_{j_s+1})$ of $G'$. (We
have that $\sigma_0 = \sigma$.)

iii. For $1 \le s \le n$ do:

A. Let $Z_s = \mathcal{L}(u_{j_s}) \cup \mathit{rfs}(u_{j_s})$.

B. If there does not exist $w_s \in W$ such that $H(w_s) = Z_s$ then: add
a new node $w_s$ to $W$, set $H(w_s) = Z_s$, mark $w_s$ as unresolved, and
set $f(w_s) = u_{j_s}$.

C. Add the pair $(w_{s-1}, w_s)$ to $R_{\sigma_{s-1}}$.

(b) Mark $w_0$ as resolved.

As $H$ is a one-to-one function and $H(w)$ of each $w \in W$ is a subset of $FL(X \cup \Gamma)$,
the above construction terminates and results in a finite model graph.

Observe that, in the above construction we transform the sequence $u_0, \ldots, u_m$
of nodes of $G'$, which is a trace of $\varphi_0$ at $u_0$ that ends with $\varphi$ at $u_m$, to a sequence
$w_0, \ldots, w_n$ of nodes of $\mathcal{M}$ by sticking together nodes in every maximal saturation
path and using both the sets $\mathcal{L}(u_i)$ and $\mathit{rfs}(u_i)$. Hence, $\mathcal{M}$ is saturated and satisfies
the local and global consistency properties. That is, $\mathcal{M}$ is a consistent and saturated
model graph.

Consider Step 1 of the construction. As the label of $v_0$ is $X \cup \Gamma$, we have that $X \subseteq
H(\tau)$ and $\Gamma \subseteq H(\tau)$. Consider Step 2(a)iii of the construction: as $u_{j_{s-1}}$ is an "and"-node
and $u_{j_{s-1}+1}$ is a successor of $u_{j_{s-1}}$ that is created by the transitional rule, the
label of $u_{j_{s-1}+1}$ contains $\Gamma$, and hence the set $\mathcal{L}(u_{j_s}) \cup \mathit{rfs}(u_{j_s})$ also contains $\Gamma$. Hence
$\Gamma \subseteq H(w_s)$ for every $w_s \in W$. By Lemma A.3, the Kripke model corresponding to
$\mathcal{M}$ validates $\Gamma$ and satisfies $X$ at $\tau$. Hence, $X$ is satisfiable w.r.t. $\Gamma$.

B Soundness and Completeness of $\mathcal{C}_{\mathrm{PDL+ABox}}$

Lemma B.1 (Soundness). Let $\mathcal{A}$ be an ABox and $\Gamma$ be a TBox such that $\mathcal{A}$ is
satisfiable w.r.t. $\Gamma$. Then any "and-or" graph for $(\mathcal{A}, \Gamma)$ has a consistent marking.

Proof. Let $G$ be an "and-or" graph for $(\mathcal{A}, \Gamma)$ and let $v_0$ be the root of $G$. Clearly,
$\mathcal{L}(v_0)$ is satisfiable w.r.t. $\Gamma$. Let $\mathcal{M}$ be a Kripke model that satisfies $\mathcal{L}(v_0)$ and
validates $\Gamma$. We first construct a sequence $v_0, \ldots, v_k$ of nodes of $G$ such that:

(1) for $1 \le i \le k$, $v_i$ is a successor of $v_{i-1}$ and $\mathcal{M}$ satisfies $\mathcal{L}(v_i)$;

(2) for $0 \le i < k$, $v_i$ is an "or"-node;

(3) $v_k$ is an "and"-node;

(4) each formula of the form $a : \langle\alpha\rangle\varphi$ of $\mathcal{L}(v_k)$ has a static realization at $v_k$.

Set $i := 0$. While $v_i$ is not an "and"-node, do:

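— If the static rule expanding $v_i$ is not one of $(\Diamond'_;)$, $(\Diamond'_\cup)$, $(\Diamond'_?)$, $(\Diamond'_*)$, then let $v_{i+1}$
be any successor of $v_i$ such that $\mathcal{M}$ satisfies $\mathcal{L}(v_{i+1})$, and set $i := i + 1$.

— Else: Let the principal formula of the rule applied to $v_i$ be $a : \langle\alpha\rangle\varphi$.

• If $\mathit{Next}(a : \langle\alpha\rangle\varphi)$ is not defined (i.e. no strategy for reducing $a : \langle\alpha\rangle\varphi$ has
been established): We have that $a^{\mathcal{M}} \in (\langle\alpha\rangle\varphi)^{\mathcal{M}}$. Thus, there exists a word
$\delta \in \mathcal{L}(\alpha)$ and a state $u \in \varphi^{\mathcal{M}}$ such that $(a^{\mathcal{M}}, u) \in \delta^{\mathcal{M}}$. Since $\delta \in \mathcal{L}(\alpha)$, $\delta$ is
derivable from $\alpha$ using a left derivation of the context-free grammar $\mathcal{G}(\alpha)$.
Set $\beta := \alpha$ and set $\Delta$ to the existential modality corresponding to $\beta$. While
$\Delta$ is not the empty modality and does not start with a modal operator of the
form $\langle\sigma\rangle$ and $\mathit{Next}(a : \Delta\varphi)$ is not defined: set $\beta$ to the next expression in the
mentioned derivation of $\delta$; let $\Delta'$ be the existential modality corresponding
to $\beta$; set $\mathit{Next}(a : \Delta\varphi) := (a : \Delta'\varphi)$; and set $\Delta := \Delta'$. It is easy to see that
$a^{\mathcal{M}} \in (\Delta\varphi)^{\mathcal{M}}$ is an invariant of this loop.

• Let $\mathit{Next}(a : \langle\alpha\rangle\varphi) = (a : \Delta\varphi)$. Note that $a : \Delta\varphi$ must belong to the label
of one of the successors of $v_i$ as a formula obtained from $a : \langle\alpha\rangle\varphi$. Let $v_{i+1}$
be such a successor of $v_i$. By the above mentioned invariant, $a^{\mathcal{M}} \in (\Delta\varphi)^{\mathcal{M}}$.
Hence, $\mathcal{M}$ satisfies $\mathcal{L}(v_{i+1})$. Set $i := i + 1$ to continue the main loop.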

The loop must terminate because all paths of complex nodes are finite (see the
proof of Lemma 6.4). Set $k := i$. The sequence $v_0, \ldots, v_k$ clearly satisfies Conditions
(1)-(3). We show that it also satisfies Condition (4). Let $a : \langle\alpha\rangle\varphi \in \mathcal{L}(v_k)$. We prove
that $a : \langle\alpha\rangle\varphi$ has a static realization at $v_k$. Since $v_k$ is an "and"-node, either $\alpha$
is an atomic program (and it is done) or $a : \langle\alpha\rangle\varphi \in \mathit{rfs}(v_k)$. Consider the second
case. There must exist $0 \le i < k$ such that $a : \langle\alpha\rangle\varphi$ is the principal formula of the
tableau rule applied to $v_i$. The partial function $\mathit{Next}$ determines a static realization
for $a : \langle\alpha\rangle\varphi$ at $v_k$.

We construct a consistent marking $G'$ of $G$ as follows. At the beginning, $G'$
contains the nodes $v_0, \ldots, v_k$ and the edges $(v_i, v_{i+1})$ for $0 \le i < k$. Next, add to $G'$
all successors $v$ of $v_k$, which are simple nodes of $G$, together with the edges $(v_k, v)$.
Then, for every simple node $v$ of $G'$ and for every successor $w$ of $v$ in $G$, if $\mathcal{M}$ satisfies
$\mathcal{L}(w)$ then add the node $w$ and the edge $(v, w)$ to $G'$.

It is easy to see that $G'$ is a marking of $G$. Also, $G'$ clearly satisfies the local
consistency property. The first condition of the global consistency property of $G'$
holds due to the construction of the sequence $v_0, \ldots, v_k$. For the second condition of
the global consistency property of $G'$, we can use the same proof as for Lemma A.1.
Therefore $G'$ is a consistent marking of $G$. This finishes the proof. $\triangleleft$

The definition of "saturation path" remains unchanged for the case with ABoxes.
The counterpart of Lemma A.4 about existence of saturation paths for the case with
ABoxes also holds. For this, one can use the same argumentation as in the proof of
Lemma A.4 together with the fact that all paths of complex nodes are finite.

Lemma B.2 (Completeness). Let $\mathcal{A}$ be an ABox, $\Gamma$ a TBox, and $G$ an "and-or"
graph for $(\mathcal{A}, \Gamma)$. Suppose that $G$ has a consistent marking $G'$. Then $\mathcal{A}$ is satisfiable
w.r.t. $\Gamma$.

Proof. We construct a model graph $\mathcal{M} = \langle W, (R_\sigma)_{\sigma \in \Pi_0}, H \rangle$ as follows:

1. Let $v_0$ be the root of $G'$ and $v_0, \ldots, v_k$ be a saturation path of $v_0$ w.r.t. $G'$. Let
$W_0$ be the set of all state variables occurring in $\mathcal{A}$ and set $W = W_0$. For each
$a \in W_0$, let $H(a)$ be the set of all $\varphi$ such that $a : \varphi$ belongs to the label of $v_k$,
and mark $a$ as unresolved. (Each node of $\mathcal{M}$ will be marked either as unresolved
or as resolved.) For each $\sigma \in \Pi_0$, set $R_\sigma = \{(a, b) \mid \sigma(a, b) \in \mathcal{A}\}$.

2. While $W$ contains unresolved nodes, take one unresolved node $w_0$ and do:

(a) For every $\langle\sigma\rangle\langle\alpha_1\rangle \ldots \langle\alpha_h\rangle\varphi \in H(w_0)$, where $\varphi$ is not of the form $\langle\beta\rangle\psi$, do:

i. A. Let $\varphi_0 = \langle\sigma\rangle\langle\alpha_1\rangle \ldots \langle\alpha_h\rangle\varphi$, $\varphi_i = \langle\alpha_i\rangle \ldots \langle\alpha_h\rangle\varphi$ for $1 \le i \le h$, and
$\varphi_{h+1} = \varphi$.

B. If $w_0 \in W_0$ then:

— Let $u_0 = v_k$.

— Let $u_1$ be the node of $G'$ such that the edge $(u_0, u_1)$ is labeled
by $(w_0 : \varphi_0)$. (Recall that $w_0$ is a state variable and note that $\varphi_1$
belongs to the label of $u_1$.)

C. Else:

— Let $u_0 = f(w_0)$. ($f$ is a constructed mapping that maps each node
of $\mathcal{M}$ not belonging to $W_0$ to an "and"-node of $G'$. As a maintained
property of $f$, $\varphi_0$ belongs to the label of $u_0$.)

— Let $u_1$ be the node of $G'$ such that the edge $(u_0, u_1)$ is labeled by
$\varphi_0$. (Note that $\varphi_1$ belongs to the label of $u_1$.)

D. Let $i_1 = 1$. For $1 \le l \le h$, let the sequence $(u_{i_l}, \varphi_l), \ldots, (u_{i_{l+1}}, \varphi_{l+1})$
be a $\Diamond$-realization in $G'$ for $\varphi_l$ at $u_{i_l}$. Let $u_{i_{h+1}}, \ldots, u_m$ be a
saturation path of $u_{i_{h+1}}$ w.r.t. $G'$.

ii. Let $j_0 = 0 < j_1 < \ldots < j_{n-1} < j_n = m$ be all the indices such that, for
$0 \le j \le m$, $u_j$ is an "and"-node of $G$ iff $j \in \{j_0, \ldots, j_n\}$. Let $\sigma_0 = \sigma$.
For $1 \le s \le n - 1$, let $\langle\sigma_s\rangle\psi_s$ be the label of the edge $(u_{j_s}, u_{j_s+1})$ of $G'$.

iii. For $1 \le s \le n$ do:

A. Let $Z_s = \mathcal{L}(u_{j_s}) \cup \mathit{rfs}(u_{j_s})$.

B. If there does not exist $w_s \in W$ such that $H(w_s) = Z_s$ then: add
a new node $w_s$ to $W$, set $H(w_s) = Z_s$, mark $w_s$ as unresolved, and
set $f(w_s) = u_{j_s}$.

C. Add the pair $(w_{s-1}, w_s)$ to $R_{\sigma_{s-1}}$.

(b) Mark $w_0$ as resolved.

Note that the above construction differs from the construction given in the proof
of Lemma A.5 mainly by Steps 1 and 2(a)iB.

The above construction terminates and results in a finite model graph because,
for every $w, w' \in W \setminus W_0$, $w \ne w'$ implies $H(w) \ne H(w')$, and for every $w \in W$,
$H(w)$ is a subset of $FL(X)$, where $X = \Gamma \cup \{\varphi \mid (a : \varphi) \in \mathcal{A}$ for some $a\}$.

Similarly as for the construction given in the proof of Lemma A.5, it can be
seen that $\mathcal{M}$ is saturated and satisfies the local consistency property. The global
consistency condition clearly holds for nodes from $W \setminus W_0$. For $w \in W_0$ and $\langle\alpha\rangle\varphi \in
H(w)$, observe that the formula has a trace ending at some node of $W \setminus W_0$, which
then continues to form a $\Diamond$-realization for $\langle\alpha\rangle\varphi$ at $w$. Hence, $\mathcal{M}$ is a consistent and
saturated model graph.

By the definition of "and-or" graphs for $(\mathcal{A}, \Gamma)$ and monotonicity of the "prime"
static rules of $\mathcal{C}_{\mathrm{PDL+ABox}}$ except $(\bot_0)$ and $(\bot')$: if $(a : \varphi) \in \mathcal{A}$ then $\varphi \in H(a)$;
if $\sigma(a, b) \in \mathcal{A}$ then $(a, b) \in R_\sigma$; and $\Gamma \subseteq H(a)$ for all $a \in W_0$. We also have
that $\Gamma \subseteq H(w)$ for all $w \in W \setminus W_0$. Hence, by Lemma A.3, the Kripke model
corresponding to $\mathcal{M}$ validates $\Gamma$ and satisfies $\mathcal{A}$. Thus $\mathcal{A}$ is satisfiable w.r.t. $\Gamma$.



